Microsoft to issue two critical bulletins, SharePoint to remain vulnerable


Microsoft to issue two critical bulletins, SharePoint to remain vulnerable

Robert Westervelt, News Editor

Microsoft plans to issue two critical bulletins next week, as part of its monthly patch cycle, repairing vulnerabilities affecting Windows and Office.

The software giant issued its advance notification, Thursday,

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

and advised customers that the bulletins would not address a serious zero-day vulnerability affecting its SharePoint content management server.

"Windows 7 and Windows Server 2008 R2 customers will be offered the Windows related update but they are not vulnerable in their default configurations," wrote Jerry Bryant, Microsoft's group manager of response communications, in the Microsoft Security Response Center blog.

Bryant warned users of SharePoint not to expect a bulletin addressing the SharePoint zero-day vulnerability in which proof-of-concept code is publicly available. Engineering teams are still working on a patch to repair the vulnerability, he said.

Microsoft issued an advisory last week warning of a cross-site scripting (XSS) vulnerability affecting SharePoint Server 2007 and SharePoint Services 3.0. The vulnerability can be exploited in a browser-based attack and enable an attacker to execute JavaScript code within the vulnerable application.

Last month Microsoft issued 11 bulletins, five critical, repairing 25 vulnerabilities across its product line. In addition to several media handling vulnerabilities, Microsoft fixed a serious Windows Authenticode Verification flaw. Windows Authenticode Verification is a digital signature format used to verify the origin and integrity of software when it is installed on a machine.