Microsoft have patched a total of 11 security vulnerabilities this month, with a critical bug in Outlook also being fixed.
Compared to October, the fixes in the Nov 9th listing seem small, with just three security bulletins. These bulletins cover a total of 11 vulnerabilities across Microsoft Office and Forefront Unifed Access Gateway (UAG). Only one of the bulletins is classed as ‘Critical – MS10 – 087″, which fixes five issues with Microsoft Office – always a prime target for malicious code developers. A rich text format stack buffer overflow vulnerability is a primary exploit.
Jerry Bryant, group manager for response communications for Microsoft Security Response Center said in a blog post “The bulletin is rated Critical for Office 2007 and Office 2010 due to a preview pane vector in Outlook that could trigger the vulnerability when a customer views a specially crafted malicious RTF (Rich Text Format) file, The update also addresses an Office vector for the vulnerability described in Security Advisory 2269637, which has been referred to as ‘DLL Preloading’ and ‘Binary planting’.”
The second bulletin also fixes a Powerpoint issue which could allow remote code execution if a user opens a malicious Powerpoint file, according to Microsoft. This is rated as ‘important’ because the user has to open the malicious file for the problem to occur.
The final bulletin, rated ‘important’ sorts out four vulnerabilities in UAG, which is a part of Microsof Forefront.
KitGuru says: Always remember to stay updated.