In all, Microsoft plans to release seven security bulletins – including five rated “important” and two given the highest rating of “critical”.
One of those critical patches will be for all versions of Internet Explorer and will address a remote code execution vulnerability publicly disclosed by HP’s Zero Day Initiative (ZDI) last month, after it got fed up waiting for Microsoft to issue a fix.
ZDI says it initially told Microsoft about the flaw in October 2013, but because no patch had been made available after more than six months it decided to make information about the vulnerability public.
The security flaw, which can reportedly be mitigated now by installing Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), could help malware be spread via boobytrapped websites or malicious emails, but (fortunately) has not been seen being exploited in the wild.
The second critical security bulletin addresses a remote code execution vulnerability affecting Windows, Microsoft Office, and Microsoft Lync.
Some of the patches to be released by Microsoft on Tuesday will require computers to be restarted, something that many users find a pain – but which is clearly unavoidable on this occasion.
And, yes, if you were wondering – Microsoft has stuck to its promise. There are no new security patches for Windows XP.
Of course, that doesn’t necessarily mean that Windows XP users aren’t at risk – merely that Microsoft is no longer officially supporting the ageing operating system and is strongly encouraging folks to upgrade their systems to something a little more modern if they want to stay safe online.
For more details of the impending Patch Tuesday bundle, check out Microsoft’s advance notification.