Microsoft Black Tuesday: Updates for Mangled Office Documents and Malicious WINS Messages

Unless you’re one of the eagle-eyed viewers that caught Microsoft’s slip last Friday, today is the first day you get to see this month’s batch of MS product patches. As expected, Microsoft only released five Important updates for Windows and Office products this month. While none of the updates fix overly critical issues, I’d still recommend you try to install them at your earliest convenience.

I suspect the two Office bulletins (which fix flaws in the way Office parses documents, like Excel files) pose the greatest risk. Unfortunately, users often seem to fall for the “good old”  malicious Office document trick. That’s why, you should probably install these two Office related updates first — assuming you use Office applications. I’d then follow up with the two Windows updates, one of which fixes another one of those insecure DLL loading vulnerabilities that Microsoft has contended with the past year or so. Finally, if you use SharePoint, be sure to install its patch as well.

You can learn more about today’s updates in Microsoft’s September summary bulletin. As is normally the case with Microsoft updates, you should probably test the patches before deploying them in your production network — especially the ones that affect server software.

We’ll post more detailed alerts about  Microsoft’s, and how to fix them, very shortly.  – Corey Nachreiner, CISSP

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 7,522 other followers

%d bloggers like this: