Search
Homepage This page's url is: -crn- Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs HPE Discover 2019 News Cisco Partner Summit 2019 News Cisco Wi-Fi 6 Newsroom Dell Technologies Newsroom Hitachi Vantara Newsroom HP Reinvent Newsroom IBM Newsroom Ingram Micro ONE 2019 News The IoT Integrator Juniper NXTWORK 2019 News Lenovo Newsroom Lexmark Newsroom NetApp Data Fabric NetApp Insight 2019 News Cisco Live Newsroom HPE Zone Intel Tech Provider Zone

Microsoft To Fix Critical Errors, Windows Zero-Day Flaw

A Microsoft security update this week will correct a critical Windows zero-day vulnerability that is being actively targeted by cybercriminals. The update also repairs vulnerabilities in Silverlight, Internet Explorer and the .NET Framework.

In its Advance Notification issued July 4, the software giant said the updates impact all supported versions of Windows as well as Internet Explorer, Silverlight and the .NET Framework.

A kernel-mode driver vulnerability was publicly disclosed in May by Google security researcher Travis Ormandy on the Full Disclosure mailing list. A proof-of-concept exploit targeting the coding error was tested against systems running Windows 7 and Windows 8. The flaw cannot be exploited remotely and Microsoft has not detected any ongoing attacks targeting the coding error.

[Related: Top 10 Malware Threats To Microsoft PCs ]

"This is one of the uglier releases we've seen from Microsoft this year," said Paul Henry, security and forensic analyst at vulnerability management vendor Lumension. "To say that all Microsoft products are affected and everything is affected critically is not an understatement. It’s difficult to prioritize one or two because all the bulletins are significant this Patch Tuesday."

The six critical bulletins are remote code execution vulnerabilities, giving attackers the ability to target flaws without needing physical access to the PC. Several bulletins impact Windows and affect the company's latest versions of its operating systems, Windows 8, and RT and the latest Windows Server platform.

Internet Explorer updates probably will be the most important bulletin to implement, according to Wolfgang Kandek, chief technology officer of vulnerability management at vendor Qualys. In his analysis of the Advance Notification, Kandek said the security update impacts all versions of the browser. A bulletin that addresses an error affecting Microsoft Windows, Office and Lync also deserves attention because it could give attackers the ability to attack Windows remotely, he wrote.

The software maker also is issuing an update rated important to Windows Defender, its antimalware software. The security update fixes a flaw that can be exploited to elevate privileges on a victim's PC.

The security update is scheduled to be released Tuesday at about 1 p.m. ET.

July marks the first round of updates for Microsoft following the unveiling of its new bug bounty program. The company will reward researchers that find serious vulnerabilities in the latest versions of its products.

In June, Microsoft fixed nearly 20 Internet Explorer vulnerabilities. The update also included fixes to Microsoft Office, the Windows Kernel and a Print Spooler coding error.

PUBLISHED JULY 8, 2013

Back to Top

Video

 

sponsored resources