Microsoft Windows 7 News & Tips

You are here: Home » Windows 7 News » Updates » Microsoft will Issue a Critical Patch Week of 12-13-09 for Windows 7 IE8

Microsoft will Issue a Critical Patch Week of 12-13-09 for Windows 7 IE8

View Comments December 12, 2009 | GGarza

Microsoft is expected to release a security patch to address a Critical vulnerability in IE8. For December, Microsoft is planning to release six new security bulletins that are expected different vulnerabilities in several Windows products. Some of the vulnerabilities are in Windows7, some in Internet Explorer 8, and some in Microsoft Office Products. On the office side the vulnerabilities affect Project, Word, and Worlks 8.5.

Microsoft Security Response Center

There is a range to the bulletins including three that are Critical and three that are considered Important. The Microsoft Security Bulletin Summary for December 2009 outlines these vulnerabilities:

Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution
Vulnerability in Microsoft Office Project Could Allow Remote Code Execution
Cumulative Security Update for Internet Explore
Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution
Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service
Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution

Vulnerability Table

Proof of Concept for the security flaws was released to the public recently, which prompted Microsoft’s response. In computer security the term proof of concept is often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage of some vulnerability. The zero-day, the day of release, means that the item in question, in this case the software IE8 has a weakness that has not been fully exploited. But for Microsoft the weakness will be addressed in the patch upgrade.

Vulnerability Table Windows 7

According to a Microsoft Spokesman, Jerry Bryant, security program manager, ” The IE update maps to bulletin number 4 in the ANS and will be at the top of our deployment priority list. The other critical update affecting Windows (bulletin number 1) will have a lower Exploitability Index rating, so while the impact is higher with a critical severity rating, the lower risk will drop the deployment priority down a little. The final critical update affecting Microsoft Project (bulletin number 3), is only critical for Project 2000. The other affected versions are important. That coupled with a lower Exploitability Index will also drive it down on the deployment priority list. Customers have asked us to map the numbered bulletins in the ANS to the final bulletin ID’s after release so we will be doing that in the blog post here on Tuesday.”

The vulnerability table for Server 2008

Vulnerability Table: Server 2008

The Office Suite Vulnerability Table:

Vulnerability Table: Office Suite

aa

Tip: Click here to run a free scan for common PC errors

GD Star Rating
loading...

Tags: internet explorer 8, MSRC, Project, security bulletin, security updates, window7, zero-day

Category: Updates, Windows 7 News, Windows 7 Security

Next Post: Creating Windows7 Shortcuts »»

Prev Post: Building Your Own Windows 7 Machine: Mid-range Gaming PC »»

About GGarza: I've been in the computer industry since the mid 80's. I have several Microsoft Certifications including MCSE 2003, MCTS, MCITP, and Cisco CCNA, and CCNP. I also have a Msc in Computer Information Systems from the University of Liverpool. I am the author of the Tiger Guide to Laptops. I write articles for BrightHub.com in astronomy and computers. My interests are in Astronomy, Evolutionary Science, American and European History, Finance and Economics, and Computer Science. You can follow me on twitter. http://twitter.com/GigaAstroTech View posts.