Microsoft Rolls Out Critical Office, Windows Patches

The world’s largest software company, Microsoft Corp., has released 13 security bulletins in its Patch Tuesday update that deal with 26 security vulnerabilities in Microsoft Windows and Office software.

The latest "Patch Tuesday" follows the release of one security update for its January Patch Tuesday release and an out-of-band IE zero-day vulnerability update.

According to the announcement made by the Redmond based software giant, five vulnerabilities are rated ‘critical’, seven of them are rated ‘important’ and only one is rated ‘moderate’.

Microsoft also released a security advisory for a major security flaw in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols but didn’t provide a patch for these critical vulnerabilities.

Instead the users of the said protocols had to remain content with the workaround proposed by the company.

In the announcement, Microsoft has recommended that the users deploy the bulletin MS10-013 along with few others given that it is rated "Critical," with Exploitability Index ratings of 1.

Commenting on the MS10-013 Microsoft Media Player Flaw, Andrew Storms, director of security operations at nCircle, claimed that the flaw was the most dangerous vulnerability.

He also added that “The nature of the exploit lends itself to drive-by attacks that leave unsuspecting victims infected. An exploit of this bug would make it extremely easy to entice users to watch videos that are actually gateways to malware."

Our Comments

As usual, you're advised to contact your system administrator regarding these patches. It is likely that your computer has restarted last night as a result. We suggest that you pay a visit to Windowsupdate.com and look for the appropriate updates for your OS.

Related Links

Slew of Critical Updates from Microsoft

(PC World)

Microsoft issues urgent Windows, Office security patches

(USA Today)

Microsoft Fixes 26 Vulnerabilities In Windows, Office

(Information Week)

Microsoft delivers huge Windows security update

(Computer World)