Microsoft to issue two critical bulletins, SharePoint to remain vulnerable

Article

Microsoft to issue two critical bulletins, SharePoint to remain vulnerable

Robert Westervelt, News Editor
Microsoft plans to issue two critical bulletins next week, as part of its monthly patch cycle, repairing vulnerabilities affecting Windows and Office.

The software giant issued its advance notification, Thursday, and

    Requires Free Membership to View

    Login

    SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.co.uk you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.co.uk is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

advised customers that the bulletins would not address a serious zero-day vulnerability affecting its SharePoint content management server.

"Windows 7 and Windows Server 2008 R2 customers will be offered the Windows related update but they are not vulnerable in their default configurations," wrote Jerry Bryant, Microsoft's group manager of response communications, in the Microsoft Security Response Center blog.

Bryant warned users of SharePoint not to expect a bulletin addressing the SharePoint zero-day vulnerability in which proof-of-concept code is publicly available. Engineering teams are still working on a patch to repair the vulnerability, he said.

Microsoft issued an advisory last week warning of a cross-site scripting (XSS) vulnerability affecting SharePoint Server 2007 and SharePoint Services 3.0. The vulnerability can be exploited in a browser-based attack and enable an attacker to execute JavaScript code within the vulnerable application.

Last month Microsoft issued 11 bulletins, five critical, repairing 25 vulnerabilities across its product line. In addition to several media handling vulnerabilities, Microsoft fixed a serious Windows Authenticode Verification flaw. Windows Authenticode Verification is a digital signature format used to verify the origin and integrity of software when it is installed on a machine.