Microsoft To Patch 2 Critical Bugs


Microsoft will fix two critical bugs on Patch Tuesday -- but not for Windows 8.1 users who haven't installed the Windows 8.1 Update.



(Click image for larger view and slideshow.)


Microsoft will address two critical bugs in this month's Patch Tuesday, including one that affects all currently supported versions of Internet Explorer (IE).


For most users, the update process will be routine. But Windows 8.1 users will not receive the fixes unless they've installed Windows 8.1 Update. If they have, customers will receive the first update under the company's new policy. Microsoft announced last week that instead of releasing new features every few years in large updates, it will increasingly launch new Windows capabilities via monthly updates, just as it already does for security patches.


[Is Microsoft finally ready to compete in the smartphone race? Read Windows Phone 8.1 Update: 7 Key Facts.]

Microsoft will address nine bugs total. As mentioned, two are marked 'Critical,' the company's highest designation. Each involves a flaw that could allow an attacker to remotely take control of the user's machine.


The first critical vulnerability involves IE versions 6 to 11, and the other involves a graphics-related exploit in Windows that could allow an attacker to con the user into opening a malicious file. Microsoft said the first vulnerability is an urgent issue only for locally installed systems, and a moderate issue for server versions of Windows. The second critical bug, meanwhile, affects only professional and business editions of Windows 7, 8, and 8.1. It does not apply to widely used consumer products such as Windows 7 Home Basic.



In a blog post, Wolfgang Kandek, CTO of security vendor Qualys, said the IE fix should be users' top priority because most cyber-attacks involve web browsers. To help improve IE security, Microsoft's Tuesday package will also modify IE versions 8 to 11, excluding the Modern edition of IE in Windows 8 and 8.1, to block outdated versions of the Java Active X plug-in. According to Microsoft, this change will close holes that attackers often use to trick users into clicking malicious links.


The other fixes are rated 'Important.' One deals with a remote execution flaw in the Office 2007 version of OneNote, while three others nuke bugs that could allow a user to elevate his credentials and potentially gain unauthorized administrative privileges. Both PC-based versions of Windows and server products are affected.


Kandek noted that attackers might exploit credential-elevation flaws by obtaining stolen credentials that belong to a low-level employee, using these credentials to get basic network access, and then using the flaw to acquire administrator status. From there, the attacker could be able to install malware to take control of the machine.


The remaining updates plug holes that could allow security mechanisms to be bypassed in Windows. Microsoft will begin rolling out the update on Tuesday around 11:00 a.m. PT. To address customer questions, the company will host a webcast Wednesday at the same time. Four of the nine fixes, including the critical one for IE, require that machines be restarted, which could add a few steps to the process for IT admins.


Windows 8.1 users who have not upgraded to Windows 8.1 Update will not receive Tuesday's security improvements. The company will continue to support the original version of Windows 8 until at least the end of 2015, but Windows 8.1 users are a different story. Consumer Win 8.1 customers who haven't installed Update haven't received new security patches since earlier this summer. Business customers originally faced the same deadline, but after hearing complaints, Microsoft gave many of its commercial customers extra time. That grace period expires this month, however.


This Tuesday's bundle is also expected to include feature enhancements for Windows 8.1 Update, including more precise touchpad controls, and expanded Miracast support. Microsoft was originally expected to launch a series of new features in a large 'Update 2,' but the company said not to expect major Windows 8.1 updates, and that it will launch new features via a continuous upgrade cycle. This change is one of several Microsoft efforts to move customers, many of whom are invested only in older products, to the company's newest platforms. It recently announced, for example, that starting in 2016, IE users will receive security updates only if they're moved to the latest version of the browser available on their particular system.


Cyber criminals wielding APTs have plenty of innovative techniques to evade network and endpoint defenses. It's scary stuff, and ignorance is definitely not bliss. How to fight back? Think security that's distributed, stratified, and adaptive. Get the Advanced Attacks Demand New Defenses report today (free registration required). In its ninth year, Interop New York (Sept. 29 to Oct. 3) is the premier event for the Northeast IT market. Strongly represented vertical industries include financial services, government, and education. Join more than 5,000 attendees to learn about IT leadership, cloud, collaboration, infrastructure, mobility, risk management and security, and SDN, as well as explore 125 exhibitors' offerings. Register with Discount Code MPIWK to save $200 off Total Access & Conference Passes.

Rumors also continue to swirl that Microsoft is readying the next version of Windows, which is codenamed ' Threshold' and might be called 'Windows 9' when it hits the market. 'Threshold' is expected to include virtual desktops and a reimagined Start menu, among other improvements. It's not clear clear, however, how the release of a new version of Windows might reconcile with the company's intention to continually push out iterative updates.


Michael Endler joined InformationWeek as an associate editor in 2012. He previously worked in talent representation in the entertainment industry, as a freelance copywriter and photojournalist, and as a teacher. Michael earned a BA in English from Stanford University in 2005 ... View Full Bio


Comments

Post a Comment

Popular posts from this blog

5 Reasons iPhone 6 Won't Be Popular

Image
The majority of users are waiting for the next smartphone from Apple - iPhone 6 – this year. Unfortunately, the hype around iPhone began to gradually subside with each passing year after the 4th model launched. Therefore, it is possible that the sixth iPhone model of  will not be nearly as popular as it was in the beginning. Global audience perceived iPhone 4S and iPhone 5 much cooler than its early models New iPhones will not cause that “wow”-effect, which was in the beginning, when Steve Jobs' presentations caused a delight and admiration of every new Apple gadget. Some leaked photos of iPhone 5S prototype show that it does not differ from its predecessor at all. Therefore, all hopes for something radically new in design and features are laid on iPhone 6. And if Apple is no longer holds its standards, that seem to be a little bit old-fashioned already, it is unlikely that iPhone 6 will be interesting for people next year. 5 main reasons can be found to think like
Read more

Eset nod32 ativirus 6 free usernames and passwords

Image
                              Hi friends,after little long time I'm going to write again about eset nod 32 antivirus.As I told in previous post if you are user on windows 8 Eset nod 32 is the best antivirus for your personal computer.the latest product eset nod 32 antivirus 6 has special features with 100% really working.Not need to purchase full version from buying it.Download the eset nod 32 trial version and activate your est antivirus from below updated usernames and passwords. Firstly I would like to tell something about est nod32 antivirus 6. The latest product having: Eset smarter scan  Scan while downloading something Anti-Theft Idle-state scanning Clean and safe E-mail Removable media security system tools         Download Eset nod32 antivirus 6 Trial version Here     After downloading Eset nod32 Antivirus activate it using below usernames and passwords. Username: EAV-30326836                                       Password: ccka4dvsuv Expire: 16-10-2013 Username:EAV-79084
Read more

Apple's self

USA TODAY Apple's self-driving car racing toward reality, report saysUSA TODAYSAN FRANCISCO - Apple's self-driving car effort, code-named Project Titan , is more reality than rumor, according to documents obtained by the British newspaper The Guardian. Engineers working for the Cupertino-based tech hardware giant met in May with ...Apple Is Getting Closer to a Self-Driving CarTIMEApple is reportedly looking at places to test its self-driving carThe VergeApple eyes former naval base in California to test 'Project Titan' self ...Apple InsiderThe Independent -Business Insider -Cult of Macall 10 news articles »
Read more