June 6th, 2014, 22:18 PM
Microsoft's latest countdown: Update Windows 8.1 before Tuesday
Microsoft today announced it will deliver seven security updates to customers next week, including an almost-habitual one for Internet Explorer (IE), and others for Windows, Office and Lync, the company's communications server software.
Before then, Windows 8.1 devices that rely on Windows Update to obtain patches must have moved to Windows 8.1 Update, an interim upgrade Microsoft shipped in early April.
The IE update, one of two classified as "critical," Microsoft's most serious threat ranking, will include a patch for a vulnerability that went partially-public last month after a bug bounty program tired of waiting for Redmond to fix the flaw.
Two weeks ago, HP TippingPoint's Zero Day Initiative (ZDI) revealed some details about the IE bug after its 180-day grace period had expired without Microsoft providing a patch. Microsoft acknowledged that the flaw existed, but said it had not received reports of the vulnerability being exploited in the wild. The company repeated that claim today.
The other critical update will patch all still-supported versions of Windows, ranging from Windows Server 2003 to Windows 8.1. Like the IE "bulletin" -- Microsoft's term for an update package that patches one or more vulnerabilities -- the critical one for Windows was tagged as "remote code execution" (RCE) in today's advance notification. That meant cyber criminals could, if they managed to exploit the bug, compromise an unpatched PC, then plant malware on it, steal information from it or use it as part of a botnet constructed from hijacked systems.
That bulletin will also affect Office 2007 and 2010 on Windows, as well as various versions of Lync 2010 and Lync 2013.