Seven Patches Coming From Microsoft
- By Jabulani Leffall
- October 4, 2007
Microsoft expects to release seven security patches -- four "Critical" and three "Important" -- as part of its upcoming Patch Tuesday release.
The Critical patches affect Windows Server Service Packs for versions 2000 and 2003, as well as Internet Explorer versions 5 through 7, and Outlook Express for Windows 2000, 2003 and XP.
The common thread of the four Critical patches is their remote code execution (RCE) implications, a risk consideration that has been pretty consistent over the last few patch release announcements. Microsoft suggests using Baseline Security Analyzer to flesh out any potential bugs or problems.
Meanwhile, the three Important patches reflect more varied issues than just RCE. Two of Microsoft's Important patch bulletins concern almost all Windows OS and server versions, including multiple service pack releases of Windows 2000 and 2003, XP and Vista. The third Important patch is related to Windows SharePoint Services.
One of the Important bulletins pertains to potential denial of service attacks, which are attempts to make IT resources unavailable, locking users out of programs and applications. It bears watching, given its breadth in affecting every Windows OS program.
A second Important item deals with spoofs, also known in techie world as "masquerade ball" attacks. With this kind of attack, a hacker (either as user or malicious program) passes himself/itself off as another user/program using erroneous data and gaining unwarranted read and/or write access. This Microsoft bulletin concerns all OSes except XP and Vista.
The last Important patch affects all versions of SharePoint services. It remedies concerns over potential elevation of privilege attacks, where malicious users can change profile settings, usurp access configurations and gain greater entry into the system than intended.
Of the seven bulletins total, three will require restarts.
As it does most months, Redmond will also release another update to the Microsoft Windows Malicious Software Removal Tool and has plans to release three nonsecurity, high-priority updates on Microsoft Update and Windows Server Update Services and one nonsecurity, high-priority update for Windows on Windows Update.
Although things can still change, Thursday's advance notification points to a pretty busy Tuesday.
Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.