Rejoice! Patch Day will be light. This month, Microsoft only plans on releasing a Trio of updates.
According to their advanced notification post, Microsoft will release two Windows updates and one Office update on Tuesday the 8th. Only one of the Windows updates is Critical.
That said, Microsoft still hasn’t patched the zero day MHTML flaw in Windows that we mentioned during last Patch Day. The flaw involves the MIME HTML (MHTML) component, Windows uses to handle web pages that contain MHTML content. If an attacker can entice you to visit a specially crafted web-page, or click a malicious link, he could exploit this flaw in much the same way he might exploit a Cross-Site Scripting (XSS) vulnerability; to steal your cookies, redirect your browser to malicious sites, or essentially take any action you could on a web site. I am hoping that one of the Windows update corrects this issue.
Despite the low number of updates, I still recommend you plan to install Microsoft’s patches on Tuesday; especially the Critical one. We’ll know more about these bulletins next Tuesday, and will publish alerts about them here. — Corey Nachreiner, CISSP
Leave a Reply