• Microsoft to Issue 16 Security Patches and 60 Other Updates

    Article Source: http://thehackernews.com/2014/11/microsoft-to-issue-16-security-patches_9.html

    Microsoft has quite a large batch of patches lined up for its November 2014 Patch Tuesday: 16 security updates along with almost 60 non-security updates for its Windows OS.

    The software giant released an Advance Notification for 16 security bulletins, the most in more than three years, which will be addressed as of tomorrow, 11 November 2014. Five of the bulletins have been marked as “critical”, nine are “important” in severity, while two were labeled “moderate.”

    The updates will patch vulnerabilities in various Microsoft software, including Internet Explorer (IE), Windows, Office, Exchange Server, SharePoint Server and the .NET Framework.

    The five critical vulnerabilities affect specific versions of Microsoft Windows, including Windows 7, Windows 8, Windows RT, and Windows Server. One of them also affects Internet Explorer versions 7 through 11.

    Four of the five critical bugs are said to allow remote code execution, meaning that successful hackers could hijack a system and install malicious software on the victim’s machine, while the last could allow an attacker to gain administrative privileges on a vulnerable machine.

    “A vulnerability whose exploitation could allow code execution without user interaction. These scenarios include self-propagating malware (e.g. network worms), or unavoidable common use scenarios where code execution occurs without warnings or prompts. This could mean browsing to a web page or opening email,” is how Microsoft describes a critical patch.

    Another nine patches are rated as “important”, which are not as severe as the critical ones but should still be installed in order to keep your systems safe. These affect Microsoft Windows, Office and Microsoft Exchange.

    Five of the nine important updates will patch “elevation of privilege” vulnerabilities, two others fix OS security feature bypass vulnerabilities, one addresses a remote code execution bug, and the remaining one plugs an information leak.

    The last two patches are rated “moderate”, which indicates a much lower risk, but they should still be installed. One of them addresses a denial-of-service flaw in Microsoft Windows, while the other patches an elevation of privilege bug.

    If you have Automatic Updates enabled on your machine, these fixes will all be made available via Windows Update and will be applied automatically for most users. Microsoft is encouraging users who have not enabled it to apply the updates promptly. Some of the patches may also require restarting servers.