Microsoft has released its advance notification for the month of May 2014 patch Tuesday security updates, that will patch a total of eight flaws issued next Tuesday, May 13. Among the eight vulnerabilities two of them are rated critical, rest all are rated important in severity.
Just a week before, Microsoft provided an ‘out-of-band security update’ for all versions of Internet Explorer (IE) that were affected by the zero-day vulnerability, and since IE6 for Windows XP retired last month, even though it received patches for IE6 zero-day flaw. But, Microsoft has no plan to make any such accommodations this time.
13th MAY 2014 – MICROSOFT PATCH TUESDAY
Next week the security updates will include fixes for vulnerabilities including the critical one in Internet Explorer (IE), along with .NET Framework, Windows, Office and SharePoint for all versions of Windows except Windows XP.
“Our existing policy remains in place, and as such, Microsoft no longer supports Windows XP. We continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1,” a Microsoft spokesman said.
The IE release is one of two critical bulletins, for all Windows versions from Windows Vista to Windows 8.1 and moderate for all Windows Server versions, expected next week. The bulletin is a remote code execution vulnerability for Microsoft Windows, specially involving Internet Explorer. The bug is critical for Windows XP too, but Microsoft said next week’s patch will not be for XP machines.
So, it should be on top of your list to be patched as soon as possible. The update will patch vulnerabilities in all still-supported versions of the browser, including IE6, IE7, IE8, IE9, IE10 and IE11, according to Microsoft’s advance notification.
The second critical marked bulletin affects SharePoint Server 2007 SP3, SharePoint Server 2010 and 2013 and Office Web Apps 2010 and 2013 as well.
The remaining six bulletins are rated Important in severity by Microsoft and affect a number of products including Office, Windows and .NET framework, and from all these flaws, a remote code execution bug in Office 2007, 2010 and 2013 could be most serious. Microsoft is also releasing patches for a security feature bypass in Office.
ADOBE TO RELEASE PATCHES FOR ACROBAT AND READER
Adobe has also announced its next patch Tuesday updates on May 13, they plan to release patches for at least one critical vulnerability in the Windows and Mac OS X versions of Adobe Acrobat and Reader.
The affected software versions are Adobe Reader XI and Acrobat XI (11.0.06) and earlier 11.x versions for Windows and Macintosh, and Adobe Reader X (10.1.9) and Acrobat X and earlier 10.x versions for Windows and Macintosh.
Adobe was not aware of any active exploits against the vulnerability in its Reader and Acrobat in latest and earlier versions as well. Adobe said that the patches address critical vulnerability in the software. No further details were provided, but the vulnerabilities are given the highest criticality rating (i.e. 1), indicating the flaws are remotely exploitable by the cyber criminals.
Source : The Hacker News