News

Three Critical Patches on Tap for Tuesday

The Microsoft Security Response Center (MSRC) plans to publish six security bulletins next Tuesday, according to Thursday's advance notification.

Three of the six updates will address "Critical" issues. The remaining three are expected to be of "Important" and "Moderate" severity, Microsoft said.

Redmond's advance notification lumped the bulletins into several groups. At this point, the three Critical bulletins will affect one or more versions of Office and Excel, one or more versions of Windows, and one or more iterations of the .NET Framework. All three critical bulletins are linked with potential remote code execution (RCE) exploits.

The Important vulnerabilities will affect Office and Excel versions 2003 and 2007 (as well as Microsoft Publisher 2007) along with Windows XP Professional. Both Important vulnerabilities are also linked to potential RCE exploits. The sole Moderate vulnerability involves a potential information disclosure exploit in Windows Vista. As of press time, Microsoft had not provided any additional information about this flaw.

At least four of next week's updates will require system restarts.

Redmond's Patch Tuesday activities don't stop with these vulnerabilities, either. Microsoft announced plans to deliver four nonsecurity, high-priority updates (via Microsoft Update and Windows Server Update Services) and one nonsecurity, high-priority update via Windows Update and Software Update Services.

As usual, Microsoft is also prepping another version of its Windows Malicious Software Removal Tool.

Thursday's advance notification isn't always the last word in Patch Tuesday deliverables. Earlier this year, for example, Microsoft yanked several promised Windows patches from its Patch Tuesday payload. Redmond typically pulls a patch if it discovers problems during testing, or if it identifies other issues.

About the Author

Stephen Swoyer is a contributing editor for Enterprise Systems. He can be reached at [email protected].