Microsoft and Adobe preview September Patch Tuesday
When it releases its monthly patches next Tuesday, Microsoft will publish five bulletins categorised as "important" to close a total of 15 holes. Most of the bulletins fix vulnerabilities in Microsoft Office, which attackers can use to inject malicious code and escalate rights. Arbitrary code can also be executed in the Mac edition of Office, and rights can also be escalated in the server component SharedPoint Workspace.
One bulletin closes a hole in all Windows versions starting with XP (including Server) that attackers can use to remotely inject code. It is currently unclear why Microsoft does not categorise this bulletin as "critical". In addition, Microsoft will fix a privilege escalation problem in Windows Server from version 2003. Finally, the Windows Malicious Software Removal Tool will, as usual, receive current virus signatures.
Tuesday is also Adobe's patch day. The media tools company has announced that it will be closing critical holes in all currently maintained versions of Adobe Reader and Acrobat both for Windows and Mac. Adobe also announced that it was working to remove compromised DigiNotar-CA certificates from its products. For the time being, Adobe has published a workaround for users who don't want to wait for the official update.