May Patch Tuesday Comes with Twist for Windows 8.1

Windows 8.1 users might not receive four of the eight security updates Microsoft will release next week in its monthly "Patch Tuesday" update (May 13). The eight updates fix security flaws in Internet Explorer, Windows, Office and SharePoint: Two are marked "critical," Microsoft's highest threat rating, and the rest are marked "important."

Four of the eight pertain to Windows 8.1, Windows' latest desktop operating system. However, if Windows 8.1 users want these security patches, they'll need to install Windows 8.1 Update, which was released April 8, 2014, and includes some interface tweaks, such as the ability to run Windows 8's Metro apps from within the desktop.

Microsoft usually doesn't divulge details about vulnerabilities ahead of an upcoming Patch Tuesday, and this month is no exception. In its advance notification, the company said the two "critical" updates concern remote code execution, or the ability for a cyberattacker to gain control of a vulnerable computer via a remote server.

The attacker could install malware on the computer without the legitimate user's permission, or even knowledge. However, the attacker could only acquire the same permissions as the user whose account is compromised, which is another reason PC owners should use limited-user accounts when performing general activities on the computer.

The first critical update is probably the most serious for regular users: It concerns a vulnerability in all supported versions of Windows and Internet Explorer (Windows Vista through 8.1 and RT, and IE 6 through 11). The same flaw also affects all supported versions of Windows Server, but it's only a "moderate" threat for those.

The second critical update concerns Microsoft SharePoint Server 2010 and 2013 as well as Microsoft Office Web Apps 2010 and 2013, which are browser-based "light" versions of Word, Excel, PowerPoint and other Office applications.

The other six updates are all rated "important." One concerns remote code execution on Microsoft Office 2007, 2010 and 2013, which is less serious than a similar attack on a Windows system as a whole.

Three updates concern elevation of privilege, in which attackers give themselves more permissions on an infected computer. Paired with a remote-code-execution flaw, an elevation-of-privilege flaw could let attackers take over the entirety of a computer. All three affect all supported versions of Windows and Internet Explorer, and one also concerns Microsoft's .NET Framework.

One of the final two updates concerns a denial-of-service flaw on all supported versions of Windows Server, which could be exploited to take a server offline by overloading it with more data requests than it can handle. The other concerns a security feature bypass in Microsoft Office 2007, 2010, 2013 and 2013 RT.

We'll know more about the specific nature of the threats being patched when the updates are pushed out at about 10 a.m. PDT Tuesday (May 13).

To make sure you receive Microsoft security patches, go into Control Panel and set Windows Update to install updates automatically. If you run Windows 8.1, install the April operating-system update first.

Email jscharr@techmedianetwork.com or follow her @JillScharr and on Google+. Follow us @TomsGuide, on Facebook and on Google+.

Copyright 2014 Toms Guides, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.