Microsoft patches eight security flaws
Microsoft uses its monthly patching day to explain why it takes so long to fix some security flaws.


Microsoft has defended the time it takes to fix known security flaws, as it released patches for eight vulnerabilities.
Of the eight patches, which are part of Microsoft's monthly update cycle, five are rated critical, two are important and the last is moderate.
The first patch fixes a critical flaw in Excel, which has already been publicly exploited, Microsoft researchers said in their security blog. The second patch solves another already-exploited flaw in WordPad and Office.
The other critical fixes are for Internet Explorer, Windows HTTP Services and DirectX. The two important bulletins fix a token kidnapping flaw in Windows and a spoofing vulnerability in ISA Server. The last, least serious flaw being patched is an elevation of privilege issue in SearchPoint.
On its blog, the Microsoft security team noted that five of the vulnerabilities were previously made public, some as early as April of last year. The team wrote that Microsoft sometimes takes a while to issue a security update because it wants to make sure the vulnerability is fully addressed and the fix is compatible with third-party software.
"I will say that we will do the right thing for our customers; we will dig deeper; we will hold a low quality update; and we will release an update when it is ready for broad distribution; no sooner or no later," the post said.
More details on the security patches are available here.
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole is the author of a book about the history of technology, The Long History of the Future.