Expect 14 security updates from Microsoft Tuesday — three of them for critical vulnerabilities.Microsoft made the announcement in its advance notification message Thursday afternoon.According to a quick analysis from vulnerability management vendor Qualys:–The updates will affect Windows XP, Vista, and Windows 7. Only one of the critcal vulnerabiilties applies to Windows 7. On the server side, both Windows 2003 and 2008 are vulnerable, but again the newer 2008 is better than 2003, with only one vulnerability applicable. –Five of the “important” bulletins affect Office 2003, 2007 and 2010 including all office versions for Macintosh as well. One of the remaining bulletins addresses Internet Explorer 6 through 9 and the remaining bulletins apply to all versions of Windows. –Adobe Reader 9 users can expect an update to address the current zero-day vulnerability in Reader (and Acrobat itself). Alex Horan, senior product manager at Core Security, made this observation in an email Thursday afternoon:“Attackers will be drawn to the three critically rated vulnerabilities, as well as the four Remote Code Execution vulnerabilities in the Microsoft Office products. Code Execution in Office provides fresh Client Side exploit capabilities, which may have a long shelf live, given the delay administrators take in pushing patches out to users’ machines for fear of causing issues with their users ability to work.” –Bill Brennerone-stop view of latest business threats. We created it for you! Bookmark it! Use it!CSO’s Daily Dashboard gives you a Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe