News

Microsoft Plans 5 Patches for Tuesday

On top of this week's major update to Microsoft's Windows GDI implementation, Redmond next week plans to issue no less than four Windows security bulletins, including at least one "critical" update.

These patches will require a restart, according to Microsoft's Thursday Advance Notification posting.

In addition, Microsoft is prepping at least one "critical" update for its Microsoft Content Management Server. These updates, too, could require a restart, Redmond confirms.

Microsoft also plans to release an update for its Windows Malicious Software Removal Tool on Tuesday. That patch will be available via all the standard methods except Software Update Services (SUS).

Thursday's advance notification isn't always the last word in Patch Tuesday deliverables, of course. In January, for example, Microsoft yanked several promised Windows patches from its Patch Tuesday payload. Redmond typically pulls a patch if it discovers problems during testing or if it identifies other issues.

Next Tuesday's patch haul might seem a little anticlimactic, coming as it does on the heels of this week's high-profile GDI bulletin. That update patched a total of seven GDI flaws, one of which -- a vulnerability in Microsoft's Windows Animated Cursor Handling implementation -- was linked to a known zero day exploit.

On Tuesday, officials disclosed more about the backstory to this week's GDI update, noting that in the months since the Windows Animated Cursor Handling flaw was first brought to Microsoft's attention, Redmond was able to identify and patch a number of related vulnerabilities, too.

"[O]ur investigation through January and February showed that there was a dependency between one of the files required to address a related vulnerability in a system driver that runs in kernel mode [win32k.sys]...and the file that needed to be updated to resolve Windows Animated Cursor Handling vulnerability [user32.dll]," wrote researcher Mike Reavey on the MSRC blog. "That dependency meant a comprehensive update needed both files to be applied to systems at the same time, and our investigation included multiple components."

The upshot, Reavey wrote, is that Microsoft identified a total of seven vulnerabilities, which it decided to patch in a single update instead of asking customers to separately patch each of the flaws.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.