Microsoft gears up for nine patches next week

Microsoft gears up for nine patches next week

Microsoft Thursday said it will release nine security updates next Tuesday, half again as many as last month, targeting flaws in Windows, Office, Internet Explorer (IE) and Virtual PC.

Of the nine bulletins expected Aug. 14, six will be labeled "critical," Microsoft's highest rating, with the remaining three ranked "important." Vulnerabilities slated to be fixed by eight of the nine updates, however, have been pegged as remote code executable, a sure sign that the bugs are very dangerous, and if exploited, could easily allow a PC to be hijacked by hackers.

Microsoft Windows, including Vista, will be the focus of four of the nine updates, with one of those Vista fixes pegged critical. Other critical patches will be provided for Microsoft Office in general, Excel in particular, Visual Basic 6.0 and IE, the company's market-leading browser. Of the bulletins labeled important, fixes will be issued for Windows Vista, Windows Media Player, Virtual PC and Virtual Server and IE.

Vista is especially hard-pressed in the advance notification, which Microsoft posted to its security site early today. Five of the nine, or just over half, of the updates patch Vista or a component of the new operating system, such as IE 7 or Media Player 11.

Four nonsecurity updates that Microsoft considers "high priority" will also post next week via Windows Update, Microsoft Update and Windows Server Update Services. The note did not hint, however, whether the two Vista hot fix packs now available for manual download will be among that group; Microsoft has promised that the performance and reliability hot fixes will offered up through Windows Update, but has refused to say when.

As is its custom, Microsoft gave only partial details of the upcoming updates, making it difficult at best to predict the vulnerabilities being patched. Clues, however, exist.

One of the updates is to patch Microsoft XML Core Services, a service that lets developers use scripting languages such as JavaScript and Visual Basic to access XML documents. The bug (or bugs -- today's advance warning didn't spell out the number) in XML Core Services 5.0 and 6.0 exists in both Office and Windows, said Microsoft. In both Vista and Office 2007, versions of long-standing product lines that Microsoft has touted as their most secure ever, the XML Core Services flaw is rated critical.

XML Core Services has been plugged in the past, most recently in November 2006 when Microsoft patched a bug in the service that was already being exploited in the wild when the fix was issued.

Although Microsoft had patched the service the month before, it missed at least one bug, which was almost immediately put into play by attackers who duped users to malicious Web sites, then exploited the flaw to compromise their computers. It's possible that next week's fix is for yet another vulnerability that Microsoft security team missed when reviewing the code twice last year.

Another of the expected bulletins will fix a flaw in Excel. The affected software, which includes Office 2000, in which the bug is ranked critical, as well as Office XP, Office 2003 and Excel Viewer 2003, points toward an Office file format vulnerability similar to several others of the past 18 months, and as recently as July.

Assuming Microsoft releases all the updates -- occasionally, it drops one at the last minute -- users will have faced 50 bulletins through the first eight months of 2007, one fewer than during the same stretch last year.

If its past practice means anything, Microsoft will post next week's updates on its site between 1 p.m. and 3 p.m. EDT.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?