Patch Tuesday: Microsoft Fixes Serious Outlook Flaw

Dennis Faas's picture

Another monthly Patch Tuesday security update has arrived and this time Microsoft is providing fixes for 'critical' flaws in its Internet Explorer web browser and its Outlook email manager.

In total, Microsoft's Patch Tuesday offering includes 13 bulletins, four of which have been marked critical -- Microsoft's highest security rating.

Many security experts are pointing to the critical bulletin affecting Outlook as the most important security issue this month.

Code Execution Flaw Affects Outlook

Wolfgang Kandek, chief technology officer at IT security firm Qualys, says it's imperative that all businesses, big or small, download and install the Outlook fix as soon as possible. (Source:

If they fail to do so, Outlook users could be opening themselves up to remote code execution -- meaning a remote hacker could take control of their systems.

According to reports, the flaw involves the way Outlook deals with user certificates. These certificates help Outlook determine the identity of someone sending an email.

Reports indicate that a hacker could exploit the flaw to place malicious data on a computer's memory. It's a significant issue that wouldn't even require a targeted user click on anything (like a link embedded in an email) to cause problems.

Just displaying the contents of an email message could allow for the execution of malicious code.

Internet Explorer Targeted -- Again

Another security bulletin addresses critical vulnerabilities in Internet Explorer, which has received its fair share of attention on Patch Tuesdays this year.

In this case a hacker could plant malicious code on an Internet page and if someone visited that page using an unpatched version of Internet Explorer, they could find their system taken over by a hacker.

Both Word and Excel are also receiving fixes this Patch Tuesday, but their security bulletins are marked 'important' -- Microsoft's second-highest security rating.

Both of these cases involve vulnerabilities that could become a problem if a user opens a malicious file. (Source:

Security experts like Kandek are warning Microsoft users to immediately download and install all of the available fixes.

You can read more about this month's Patch Tuesday by clicking here to visit the Microsoft Technet page.

Rate this article: 
No votes yet