Microsoft to fix 22 Windows bugs, three critical

By Geoff Duncan February 4, 2011

Image used with permission by copyright holder

In advance of next week’s Patch Tuesday, Microsoft has given advance notice that the company intends to address a total of 22 security issues in its next Patch Tuesday update covering everything from Windows and Internet Explorer to Microsoft Office, Visual Studio, and its IIS server application. In all Microsoft will issue 12 bulletins, covering nine issues the company considers Important and three rated “critical.”

Among the critical fixes will be patches for a zero-day flaw in the Windows Graphics Rendering Engine that began appearing in the wild back in January that enables attackers to take control over a PC using an specially-crafted image on a Web site or embedded in a Word or PowerPoint document. The update will also fix a remote code execution bug with CSS handling in Internet Explorer, along with zero-day exploits against the FTP server included with IIS.

Recommended Videos

However, Patch Tuesday will not include a fix for recently-uncovered script injection attacks against Internet Explorer that could potentially be used to spoof content, harvest user information, or install malware on a user’s machine. For now, the best defense against the exploit is locking down the MTHML protocol (involves registry editing), setting Internet and Local Intranet security setting to “high”, or configuring IE to block (or prompt to run) Active Scripting for Internet and Local Intranet zones.

Topics

Former Digital Trends Contributor

Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…

Computing

Whatever you do, don’t install the Windows 11 September update

Microsoft has warned users in a post on its support blog that the September KB5043145 update, released on Thursday, is causing some Windows 11 PCs to restart multiple times, show the blue screen of death, or even freeze.

The problems in the recent update affect those on the 22H2 or 23H3 version of Windows 11. However, Microsoft said it is investigating the issue and will provide more information when it's available. Microsoft confirmed: "After installing this update, some customers have reported that their device restarts multiple times or becomes unresponsive with blue or green screens. According to the reports, some devices automatically open the Automatic Repair tool after repeated restart attempts. In some cases, BitLocker recovery can also be triggered."

Computing

Microsoft outlines Recall security: ‘The user is always in control’

Recall promotional image.

Microsoft just released an update regarding the security and privacy protection in Recall. The blog post outlines the measures Microsoft is taking to prevent a data privacy disaster, including security architecture and technical controls. A lot of the features highlight that Recall is optional, and that's despite the fact that Microsoft recently confirmed that it cannot be uninstalled.

Microsoft's post is lengthy and covers just about every aspect of the security challenges that its new AI assistant has to face. One of the key design principles is that "the user is always in control." Users will be given the choice of whether they want to opt in and use Recall when setting up their new Copilot+ PC.

Computing

Microsoft is giving up control of the Copilot key

In a Windows Insider Blog post, Microsoft recently announced that it is rolling out the Windows 11 Insider Preview Build 22635.4225 (KB5043186) update. It's a relatively small update, but it finally gives users control of the dedicated Copilot key that's showing up on an increasing number of laptops.

In the blog post, Microsoft detailed how it is giving users more customization freedom by adding the option to configure the Copilot key, which can open an app that's MSIX packaged and signed. This is good news since the app meets security and privacy requirements to keep your PC safe. When the option is available more broadly, you should find it by going to Settings > Personalization> Text Input.