Brace yourself. Critical security patches from Microsoft are just around the corner

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Buggy OutlookOn Tuesday, Microsoft will be releasing its latest bundle of essential security patches – protecting against exploitable vulnerabilities in various versions of Windows, Microsoft Outlook, Microsoft Office, Internet Explorer, Sharepoint and Frontpage.

Preliminary details of what the security updates will cover is detailed in Microsoft’s Patch Tuesday pre-announcement, but perhaps the most serious bugs are the critical remote code execution flaws in Outlook 2007 and Outlook 2010.

Those vulnerabilities could be exploited by hackers to run malicious code on your computer simply by getting you to view a boobytrapped email. It’s easy to imagine how such a flaw could be used in a targeted attack to inject a spyware Trojan horse into an organisation, for instance.

Office 2007 Service Pack 3 and Office 2010 Service Pack 1 are in the firing line, and will need to be patched.

Sign up to our free newsletter.
Security news, advice, and tips.

Critical remote code execution vulnerabilities have also been uncovered in versions of SharePoint, while an information disclosure vulnerability needs to be patched in FrontPage 2003 Service Pack 3.

Additionally, “important”-rated vulnerabilities were also discovered in the Office 2013 editions of Excel and Access.

And – surprise, surprise – many different versions of Internet Explorer are being patches once again, this time against remote code execution vulnerabilities.

Even Mac users don’t manage to get away empty-handed this month. Microsoft Office for Mac 2011 is also lined up to receive an “important” update related to remote code execution.

There are also critical security patches for Windows XP and Windows Server 2003. But if you are still using those operating systems you should really start working out your upgrade plans – as Microsoft will no longer issue security updates for these platforms from April 2014.

If you continue to use Windows XP and Server 2003 after April 2014, you will be a sitting duck for malicious hackers.

For most home users the best way to keep on top of the regular security patches is to enable automatic updates.

Windows Update

Things are more complicated for businesses, however, who typically want to test that a security update doesn’t cause conflicts with their systems and force any downtime.

Last month, for instance, Microsoft had to reissue a security patch after the original version broke systems at some companies.

So spare a little love for your poor sysadmin if you see him next week – chances are that he’s going to be busy.

But, whatever your situation, don’t keep your head in the sand about security vulnerabilities. Criminals feast upon security patches like the one due to be published by Microsoft, attempting to reverse-engineer details of the flaws so that they might exploit them in the wild.

When Microsoft releases its patches you should attempt to roll them out across your systems without too much delay.

You can read more about in Microsoft’s advisory for the September 2013 Patch Tuesday.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Brace yourself. Critical security patches from Microsoft are just around the corner”

  1. "Office 2013 escapes unscathed this month."
    It doesn't. And the FrontPage 2003 patch is for "Information Disclosure".

    1. Graham CluleyGraham Cluley · in reply to Yuhong Bao

      Thanks for the correction. I have corrected and clarified the wording above.

  2. Scott T

    Windows Server 2003/R2 have extended support until 7/14/2015.

Leave a Reply to Graham Cluley Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.