This month's Patch Tuesday release will address vulnerabilities in Microsoft Office and Forefront Unified Gateway.
Microsoft has patches planned next week for 11 security
vulnerabilities in Microsoft Office and Forefront Unified Access
Gateway.
November's Patch Tuesday release is much smaller than the 16-bulletin, 49 vulnerability-strong
update released last month. This time, there are just three bulletins, two of which are rated "Important" and a third is rated "Critical."
The critical bulletin affects a number of versions of
Microsoft Office, including Office 2007 Service Pack 2 and Office
2010, and is targeted at thwarting the threat of remote code
execution. One of two bulletins rated Important impacts Office as
well, while the remaining bulletin is aimed at (UAG).
The pre-Patch Tuesday notification comes a day after Microsoft warned users about a
zero-day affecting Internet Explorer.
That vulnerability is not listed among the bugs slated to be fixed on
Patch Tuesday Nov. 9, and exists due to an invalid flag reference
within IE.
"It is possible under certain conditions for the invalid flag
reference to be accessed after an object is deleted," Microsoft said in
advisory. "In a specially-crafted attack, in attempting to access a
freed object, Internet Explorer can be caused to allow remote code
execution. At this time, we are aware of targeted attacks attempting to
use this vulnerability."
Once the investigation into the IE bug is complete, Microsoft
"will take the appropriate action to protect [its] customers," the
company said.
Email
Print
