Microsoft will release patches for two critical flaws in its software and services that left Windows 8.1 and Windows 7 users open to attack from hackers.
Microsoft Trustworthy Computing (TwC) group's manager of response communication Dustin Childs announced the fixes, due for release on 11 February, in a Patch Tuesday security advisory.
"Today we are providing advance notification for the release of five bulletins, two rated critical and three rated important, for February 2014. The Critical updates address vulnerabilities in Microsoft Windows and Security Software, while the important-rated updates address issues in Windows and the .NET Framework," read the post.
Senior manager of security engineering at Rapid7 Ross Barrett explained that the patches are important as the flaws they address could be exploited by hackers to mount remote code execution attacks on Windows users.
"The two critical advisories are unusual in that they don't touch older versions of Windows or Internet Explorer. The first patches a remote code execution vulnerability that affects Windows 7 through to Windows 8.1, including 8.1 RT. The second, also a remote code execution, is actually an issue in Forefront Protection for Exchange Server (2010)," he said.
"Given a remote code execution in a perimeter service like Forefront, I'd have to say that this is the highest priority patching issue this month. The second is, not surprisingly, the critical in Windows 7 and later."
Barrett added that the other three updates, while important are of less concern as they are far harder to exploit. "The other three issues are all of lower risk and likely lower exploitability, ranging from information disclosure to denial of service and elevation of privilege. Not to be ignored, but should be of slightly less concern than remote critical vulnerabilities," he said.
Persuading businesses to be more proactive about their patching cycles has been an ongoing goal of the UK government. The government has launched several initiatives to educate companies to install security patches as soon as possible. The Home Office launched a new Cyber Streetwise education initiative in January.
AMD's Zen chip roll-out continues with the focus on high-power embedded applications
And becomes the team's executive chairman to boot
Tesla founder leaves OpenAI group - while Valve Software's Gabe Newell joins