News

Seven Patches Coming From Microsoft

Microsoft expects to release seven security patches with four "Critical" and three "Important" bulletins as part of its upcoming Patch Tuesday release.

Microsoft expects to release seven security patches with four "Critical" and three "Important" bulletins as part of its upcoming Patch Tuesday release.

The critical patches affect Windows Server Service Packs for 2000 and 2003 versions as well as Internet Explorer, versions 5 through 7 and Outlook Express for Windows 2000, 2003 and Windows XP.

The common thread of the four "critical" patches is their remote code execution (RCE) implications, a risk consideration that has been pretty consistent over the last few patch release announcements. Microsoft suggests using Baseline Security Analyzer to flesh out any potential bugs or problems.

Meanwhile, the three "important" issues are more varied in nature, with two bulletins affecting almost all Windows OS and server versions, including multiple service pack releases of Windows 2000 and 2003, XP and Vista. A third patch is related to Windows SharePoint Services.

The first important bulletin, given its breadth in affecting every Windows OS program, bears watching. That bulletin pertains to the prospect of denial of service attacks, which are attempts to make IT resources unavailable, locking users out of programs and applications.

The second important item deals with spoofs, also known in techie world as "masquerade ball" attacks, where a hacker as a user or malicious program passes his/itself off as another user/program using erroneous data and gaining unwarranted Read and/or Write access. This would affect all OSes except XP and Vista.

The last important patch affects all versions of SharePoint services and remedies concerns over potential elevation of privilege attacks, where malicious users can change profile settings, usurp access configurations and gain greater entry into the system than intended.

Of the total seven bulletins, three will require restarts.

As it does most months, Redmond will also release another update to the Microsoft Windows Malicious Software Removal tool and has plans to release three non-security, high-priority updates on Microsoft Update and Windows Server Update Services and one non-security, high-priority update for Windows on Windows Update.

Although things can still change, Thursday's advance notification points to a pretty busy Tuesday.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.