Microsoft to fix five critical security flaws
Microsoft will release nine security patches next week for Windows, Internet Explorer, and Office, along with a splattering of enterprise products, such as Exchange and SQL Server.
Five of the patches are for critical vulnerabilities.
The patches will fix flaws that allow remote code execution, which would give hackers and malware writers access to install malware without user prompts or permission. Microsoft describes ‘critical’ as an exploit that “could allow code execution without user interaction” such as opening an email or Web page.
Internet Explorer will see its third update in as many months, following security updates in June and July. Typically the software giant updates the browser every other month, but reversed the decision which was welcomed by security experts and firms.
Only Bulletin 6 for Windows refers to an elevation of privilege, which can allow malware to bump the permissions of the user to allow malware to access the far reaches of the operating system’s critical files. The rest relate to malware injection to users’ machines.
Microsoft doesn’t release the full details of the vulnerabilities until patches are made available. This will be the first update for email server Exchange 2007 and 2010 since December 2010.
This should serve as an advisory notice for the upcoming Tuesday, August 14, when the patches are released through the usual update channels.