December 3, 2024

Microsoft Plans Critical Internet Explorer, Windows Updates for Patch Tuesday

Posted on July 4, 2014 by in Security

Microsoft announced plans today to release six security bulletins as part of this month’s Patch Tuesday.

Of the six, two are rated ‘critical’, while three are rated ‘important’ and one is considered ‘moderate.’ The updates are for Microsoft Windows, Microsoft Server Software and Internet Explorer, with the critical ones targeted at IE and Windows.

It’s the time of year when many people take vacation away from the office, but this won’t be the month to push off patching, blogged Russ Ernst, director of product management for Lumension.

“Datacenter administrators shouldn’t plan to be away too much next week since every bulletin impacts nearly every supported Windows Server version,” he added. “Two of the bulletins even impact Windows Server set to Core mode.”

Wolfgang Kandek, CTO of Qualys, called the IE bulletin the most critical, and noted it affects all versions of the browser from Internet Explorer 6 to Internet Explorer 11.

“This patch should be the top of your list, since most attacks involve your web browser in some way,” he blogged. “Take a look at the most recent numbers in the Microsoft SIR (Security Intelligence Report) report v16, which illustrated clearly that web-based attacks, which include Java and Adobe Flash, are the most common.”

Bulletins 3, 4, and 5, he added, are all elevation of privilege vulnerabilities in Windows and affect all versions of Windows.

“They are local vulnerabilities, i.e. they cannot be used to achieve code execution remotely through the network, but require that the attacker already has a presence on the targeted machine as a normal or standard user,” Kandek blogged. “Exploits for these types of vulnerabilities are part of the toolkit of any attacker as they are extremely useful, when the attackers get an account on the machine, say through stolen credentials. In any practical scenario, the attacker then wants to assure continued control of the machine and will need to become administrator of the machine to install their controlling malware. This is where these vulnerabilities come in – we consider these extremely important to fix to help frustrate or slow down attackers once they are on the target machine.”

The final bulletin is rated ‘moderate’ and impacts Microsoft Service Bus for Windows Server, Ernst explained.

“Microsoft Service Bus is a messaging service used by many third-party web applications as well as by Microsoft Azure, so even though this is rated as Moderate, it is probable that this vulnerability would be used in conjunction with other vulnerabilities to target those applications,” he blogged.

The Patch Tuesday updates will be released July 8 at approximately 10 am PT.

Brian Prince is a Contributing Writer for SecurityWeek.


We aren’t going to have 3 different versions of Windows

Posted on December 4, 2013 by in Uncategorized

Summary: A Microsoft official confirms the organization is planning to trim the quantity of different versions of Windows inside its portfolio.
Microsoft currently has three different versions of Windows running on mobile devices. But Microsoft is working to reduce that number, Julie Larson-Green, Executive Vice President of Devices and Studios, confirmed in an interview last week.
At present, Microsoft offers plain-old Windows for Intel-based PCs and tablets. There’s Windows RT for ARM-based PCs and tablets. And there’s the Windows Phone OS for Windows Phones.
I reported earlier this year that one of my sources said Microsoft is planning to whittle this down to two versions, though possibly not until the spring of 2015.
Speaking at the UBS Global Technology Conference last week, Larson-Green confirmed Microsoft plans to reduce the number of Windows variants it has in its portfolio. She told attendees during a question and answer session the following:
“We have the Windows Phone OS. We have Windows RT and we have full Windows. We’re not going to have three. We do think there’s a world where there is a more mobile operating system that doesn’t have the risks to battery life, or the risks to security. But, it also comes at the cost of flexibility. So we believe in that vision and that direction and we’re continuing down that path.”
Larson-Green said Windows RT was Microsoft’s “first go” at creating a turnkey, closed system, similar to iOS for the iPad. Like iOS, Windows RT isn’t as flexible, she acknowledged, but it’s more seamless and simplified.
“I think we didn’t differentiate the devices (Surface RT vs. Surface Pro) well enough. They looked similar. Using them is similar. It just didn’t do everything that you expected Windows to do. So there’s been a lot of talk about it should have been a rebranding. We should not have called it Windows. How should we have made it more differentiated? I think over time you’ll see us continue to differentiate it more,” she said.
As I noted back in October, Microsoft seems to be thinking about creating some kind of hybrid OS that will bring closer together Windows RT and the Windows Phone OS. And at least according to one of my sources, it’s more likely that the Windows Phone OS core is what Microsoft will use as the starting point, rather than Windows RT. If Microsoft is pursuing this path, there might just be full Windows and the new hybrid ARM-targeted variant of Windows in just over a year.
Larson-Green dropped a couple of other interesting tidbits during her UBS interview on November 21. She hinted that Microsoft is working towards a future where users may carry multiple kinds of phones or portable devices of some kind. She said that there could be a time when users have “three or four” phone-like devices they’ll be able to switch between, using the one best suited to a particular scenario.
“I have that six-inch one (presumably the Nokia 1520 or a device like it),” she said, “and when you’re traveling on the train and you’re using public transit so you can see more and do more, and then when you’re out in the evening and you only have your suit, or your evening dress, you have a small one that slips in your pocket. You can buy more than one.”
Microsoft is known to be working on wearable technology projects of various kinds, with devices sporting different kinds of sensors.