On Tuesday, September 9, 2014, Microsoft is planning to release four (4) bulletins. One bulletin is identified as Critical with the remaining three as Important.
The updates address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework and Lync.
Outdated ActiveX ControlsIt is expected that the postponed addition to Internet Explorer in which outdated ActiveX controls will be blocked will be included in the update. Unfortunately, this will not apply to IE on Windows Vista, so those people with Oracle Java installed will need to continue carefully monitoring the Java install on their computer.
The supported configurations in which the out-of-date ActiveX control blocking feature will work with are the following:
- Windows 7 SP1, Internet Explorer 8 through Internet Explorer 11
- Windows 8 and up, Internet Explorer for the desktop
- All Security Zones—such as the Internet Zone—but not the Local Intranet Zone and the Trusted Sites Zone
ReminderAs has been widely publicized, support ended for Windows XP and Office 2003 on April 8, 2014. See Tim Rains article, The Risk of Running Windows XP After Support Ends April 2014. Note also that Microsoft Security Essentials will no longer be available for download for Windows XP.
As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
- MSRC: Advance Notification Service for the September 2014 Security Bulletin Release
- TechNet: Microsoft Security Bulletin Advance Notification for September 2014
- IE Blog: Internet Explorer begins blocking out-of-date ActiveX controls
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...