Five critical flaws fixed in Microsoft’s Patch Tuesday
Microsoft will release nine security fixes in next week’s Patch Tuesday, five of them rated critical.
According to Microsoft, the five critical patches all fix vulnerabilities that allow remote code execution, allowing hackers to install malware without permission.
The affected programs include Windows itself, Internet Explorer, Office, SQL Server, Microsoft Server, Microsoft Developer Tools and Exchange.
An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do
The company said the five patches addressed ten critical flaws and highlighted an Exchnge vulnerability that was discovered last month.
According to Microsoft, third-party code in Oracle Outside In libraries affected Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePointt.
“In the most severe case of Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010, it is possible under certain conditions for the vulnerabilities to allow an attacker to take control of the server process that is parsing a specially crafted file,” Microsoft said.
“An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do.”
Of the four “important” patches, three also cover remote code execution issues in Windows and Office, with the last one blocking elevated privileges in Windows. The package will require a restart.