Microsoft gears up for nine patches next week

Microsoft gears up for nine patches next week

Microsoft Thursday said it will release nine security updates next Tuesday, half again as many as last month, targeting flaws in Windows, Office, Internet Explorer (IE) and Virtual PC.

Of the nine bulletins expected Aug. 14, six will be labeled "critical," Microsoft's highest rating, with the remaining three ranked "important." Vulnerabilities slated to be fixed by eight of the nine updates, however, have been pegged as remote code executable, a sure sign that the bugs are very dangerous, and if exploited, could easily allow a PC to be hijacked by hackers.

Microsoft Windows, including Vista, will be the focus of four of the nine updates, with one of those Vista fixes pegged critical. Other critical patches will be provided for Microsoft Office in general, Excel in particular, Visual Basic 6.0 and IE, the company's market-leading browser. Of the bulletins labeled important, fixes will be issued for Windows Vista, Windows Media Player, Virtual PC and Virtual Server and IE.

Vista is especially hard-pressed in the advance notification, which Microsoft posted to its security site early today. Five of the nine, or just over half, of the updates patch Vista or a component of the new operating system, such as IE 7 or Media Player 11.

Four nonsecurity updates that Microsoft considers "high priority" will also post next week via Windows Update, Microsoft Update and Windows Server Update Services. The note did not hint, however, whether the two Vista hot fix packs now available for manual download will be among that group; Microsoft has promised that the performance and reliability hot fixes will offered up through Windows Update, but has refused to say when.

As is its custom, Microsoft gave only partial details of the upcoming updates, making it difficult at best to predict the vulnerabilities being patched. Clues, however, exist.

One of the updates is to patch Microsoft XML Core Services, a service that lets developers use scripting languages such as JavaScript and Visual Basic to access XML documents. The bug (or bugs -- today's advance warning didn't spell out the number) in XML Core Services 5.0 and 6.0 exists in both Office and Windows, said Microsoft. In both Vista and Office 2007, versions of long-standing product lines that Microsoft has touted as their most secure ever, the XML Core Services flaw is rated critical.

XML Core Services has been plugged in the past, most recently in November 2006 when Microsoft patched a bug in the service that was already being exploited in the wild when the fix was issued.

Although Microsoft had patched the service the month before, it missed at least one bug, which was almost immediately put into play by attackers who duped users to malicious Web sites, then exploited the flaw to compromise their computers. It's possible that next week's fix is for yet another vulnerability that Microsoft security team missed when reviewing the code twice last year.

Another of the expected bulletins will fix a flaw in Excel. The affected software, which includes Office 2000, in which the bug is ranked critical, as well as Office XP, Office 2003 and Excel Viewer 2003, points toward an Office file format vulnerability similar to several others of the past 18 months, and as recently as July.

Assuming Microsoft releases all the updates -- occasionally, it drops one at the last minute -- users will have faced 50 bulletins through the first eight months of 2007, one fewer than during the same stretch last year.

If its past practice means anything, Microsoft will post next week's updates on its site between 1 p.m. and 3 p.m. EDT.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?