Exchange relies on Outside In libraries to display file attachments in a browser rather than open them in a locally-stored application, like Microsoft Word. Microsoft has patched those libraries repeatedly, twice this year -- most recently in August -- and also twice in 2012.
Outside In was included in Oracle's October patch collection, making it almost certain that the Exchange update will address that technology's latest bugs. "Given Microsoft's time to test patches, the timing of this does match up," agreed Storms in a final instant message.
The six updates marked important will patch vulnerabilities in Windows, Office 2010 and Office 2013, SharePoint Server and Visual Studio Team Foundation Server 2013. If the updates are not deployed, criminals may be able to infect PCs with malware, steal information, acquire additional privileges that would let them run more threatening attacks, or bypass security features.
Microsoft will release next week's security updates on Dec. 10 around 1 p.m. ET.
Sign up for CIO Asia eNewsletters.