Microsoft to address flaws in Windows, Office for Mac


Microsoft to address flaws in Windows, Office for Mac Staff

Microsoft announced last Thursday that it plans to release six bulletins this week, including three critical bulletins, addressing flaws in Windows and Microsoft Office products.

The announcement was part of Microsoft's Advance Notification

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

to customers. The security updates will be released Nov. 10 as part of the software maker's monthly Patch Tuesday cycle.

The three critical bulletins could allow remote code execution, Microsoft said. The security updates affect Microsoft Windows 2000, XP, Vista and Windows Server 2008. The updates affecting Microsoft Office components are identified as important and affect Microsoft Excel and Word viewer. The update also affects Microsoft Office 2004 and 2008 for Mac.

Security experts said one of the bulletins, which addresses flaws that could result in a denial-of-service condition, applies to nearly all Windows versions and may be the most serious. HD Moore, chief security officer and chief architect of Metasploit, said the flaw could be to a common API such as a graphics display interface (GDI).

Last month Microsoft issued 13 bulletins, patching a record 34 vulnerabilities across its product line. One of the October bulletins, MS09-054, which addressed four flaws in Internet Explorer, was reissued by Microsoft this week to repair a problem with the patch. The update caused IE to render webpages improperly by miscalculating objects on the page.

Microsoft's October bulletins also contained the first security update for Windows 7, addressing ActiveX control issues as a result of components built using a flawed version of Microsoft Active Template Library.