EOL IT Services has now merged with tier1 Asset Management Ltd

Huge List of Microsoft Patches for Windows and Office users in November

by | Nov 19, 2014 | News

Software giant, Microsoft have recently released a large number of bug fixes on Patch Tuesday for their Microsoft Windows and Microsoft Office users, in time for the big security update.

The company marked six of the updates as ‘critical’ with concern to computer security. Nine of them were considered ‘important’ and the remaining two were considered ‘moderate’.

Chris Goettel, product manager for IT management firm Shavlik told El Reg “This is the highest bulletin count we have seen from Microsoft this year.” It’s even bigger than the May and August Patch Tuesday bulletin counts that included nine items.

As they were in previous years, the patches were all made available via the Windows Update tool, and all users who had their automatic update settings turned off were encouraged to enable them immediately. Computer users were also encouraged to check for fixes to the Adobe Flash plugin on Patch Tuesday because in previous years, Adobe released their bug fixes in order to coincide with the Windows ones.

It was advised that, if any of these Adobe fixes were available, they should also be applied.

The majority, (four out of five) of the bugs that these patches are helping to protect against, allowing remote execution for computer attackers. The other bug gives attackers the ability to gain administrative privileges on vulnerable computers.

Many of the other flaws could widen the variety of privileges available to attackers in other areas, and others could mean that attackers would be able to bypass OS security features.

Most of the bulletins included in this month’s Patch Tuesday have a very specific purpose.

The sixth bulletin is specified only for Microsoft Office 2007. Bulletin ten, however, is made to patch vulnerabilities in components of SharePoint Foundation 2010 SP2, and bulletin 12 will help to protect the 2007, 2010 and 2013 versions of Exchange Server.

Nine of the bulletins that were considered ‘critical’ fixed bugs in Windows itself. As with many fixes, there are potential flaws, but the flaws in the bulletins were entirely dependent on which version of Windows it is that you have been using.

It was also important for users to realise that all versions of Windows are at some risk with concern to these flaws. In fact, even the Windows 10 Technical Preview required patching this time.

The other ‘critical’ bulletin was designed for all versions of Internet Explorer, including versions as dated as IE6 which runs on Windows Server 2003 SP2. It’s apparent that fixes for Internet Explorer often feature in the bulletins for Patch Tuesdays, and this fix, as with previous Internet Explorer fixes, addresses multiple vulnerabilities in the programme.

Of course, these Patch Tuesdays are regular and will continue each month in order to ensure the highest computer security possible. The most important thing that you for your companies IT security, is to make sure that these updates are regularly applied.

[Photo Credit: James Marvin Phelps ]


Recent Stories

Does AI Fight or Facilitate Cybercrime?

Does AI Fight or Facilitate Cybercrime?

Despite the splash made by ChatGPT at the end of 2022, Artificial Intelligence and Machine Learning have been part of our daily lives for some time. We use smart home devices, chatbots, voice assistants, and Netflix recommendations with little thought as to what’s...

These 5 Sustainable IT benefits will boost your business.

These 5 Sustainable IT benefits will boost your business.

The urgent need to minimise the impact our technology has on our environment stretches far beyond the moral obligation. With the future development of our organisations in mind, if we are to continue to rely heavily on the networked technologies that simplify our...

Are Hardware Vulnerabilities Your Cybersecurity Blind Spot?

Are Hardware Vulnerabilities Your Cybersecurity Blind Spot?

As cybercriminals commonly target software vulnerabilities, the assumption is easily made that cybersecurity threats come in the form of phishing, malware or ransomware. Consequently, corporate cybersecurity strategies can neglect the very foundation of the network,...