Videos/Images

SC Magazine reports Microsoft is prepping a large security update for Tuesday,with plans to deliver 16 patches to fix 34 vulnerabilities across its product line. The patches will mend issues in Windows, Office, Internet Explorer, .NET Framework, SQL Server, Visual Studios, Silverlight and ISA Server. Nine of the bulletins are rated “critical,” while the remaining seven carry an “important” designation. The update touches all versions of Windows, Excel and Internet Explorer. Among the more notable fixes are two patches for Internet Explorer. One will address an issue known as “cookiejacking,” which involves an attacker accessing a file stored inside a browser — the cookie — to steal access credentials. Late last month, Italian security researcher Rosario Valotta disclosed the vulnerability, stating that it could be used to steal usernames and passwords used to login to popular sites such as Facebook and Twitter. For users to be exploited, they must be tricked into dragging an object across their screen and dropping it into an “attacker controlled HTML element,” a type of clickjacking tactic sometimes employed by hackers.