Next week Microsoft will release a new set of patches ever since dissolving its Trustworthy Computing group in early September this year.
Formed in the early 2000s as a response to all the malicious software running around those days, such as Code Red, Nimda and hundreds of other network worms and email viruses, the group was responsible for reversing Microsoft’s security reputation and making it a much safer place for users. It also gave birth to the so-called Patch Tuesday – a monthly cycle in which Microsoft released all of its updates so far.
Today’s announcement notifies the IT world that nine bulletin patches will be released next Tuesday by the Microsoft company – three critical ones, one moderate and five bulletins rated important.
Ninth Straight Patch for Microsoft’s Flagship Browser
One of the critical patches will affect Microsoft’s Internet Explorer – this would be the ninth straight month in which the company is changing its flagship browser’s code. The two other critical ones will address remote code vulnerability issues and will affect all of the software’s supported versions so far as well as the.NET development framework of the software.
The moderate patch is an uncommon rating for the company. Sitting after the important ones in Microsoft’s Severity Rating System, it mitigates a program’s authentication requirements and should not be applied to default programs its description says. The patch will affect the Microsoft Office 2007 Service Pack 3IME, or Input method Editor, supporting character-heavy languages such as Japanese and Russian.
The Important Ones
The remaining five ones are rated “important” and will affect:
- In Windows, Office, Office Services and Office Web Applications – 2 remote code execution bugs.
- In Windows – 2 privilege escalation flaws.
- In Microsoft Developers Tools (ASP.NET MVC 2.0, 3.0, 4.0, 5.0 and 5.1) – 1 security feature bypass.
Certain Revelations Call for a New Adobe DE4 Release
Meanwhile, after this week disclosure on Adobe’s Digital Edition 4 information collection, Adobe have also announced planning the release of a new bulletin patch in the forthcoming days. Earlier this week researcher Nate Hoffelder announced that he had discovered Adobe’s Epub application to gather much more information from its users’ devices than it should. Not only it tracks what users are doing in the DE4 software but it appears to collect the metadata from all of the e-book stored on the users’ hard disks, uploading that data straight to Adobe’s servers. The application looks in all e-books stored on a device, not only the ones from the DE4 software.
Being addressed regarding the discovery Adobe have posted a reply stating that all of this information is being collected for license validation and protection only.
Hoffelder’s discovery was supported by the Electronic Frontier Foundation (EFF) – a leading nonprofit organization defending civil liberties in the digital world.