Microsoft Corp. announced Thursday that it will release six security updates next week, including at least one to fix a vulnerability that attackers are already actively exploiting.
In the advance notification posted on its Web site mid-morning Thursday, Microsoft said it would release five updates for Windows and one targeting XML Core Services. At least two of the updates will be labeled "critical," Microsoft's highest warning rating.
Typically, the Redmond, Wash. developer doesn't disclose the exact components, services, or applications to be patched prior to delivering the updates on the second Tuesday of each month. But the fix for Microsoft XML Core Services, a flaw that's currently being attacked by hackers, was specifically called out in the advance alert.
Last weekend, Microsoft acknowledged that a bug in an ActiveX component of Microsoft XML Core Services 4.0 was being exploited; in a blog entry, a Microsoft Security Response Center program manager characterized the attacks as "limited."
One of the 11 October patches supposedly fixed a problem in XML Core Services, but at least one vulnerability was apparently missed then, said Minoo Hamilton, senior security researcher with patch management vendor nCircle, on Monday.
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
