News

Microsoft to Release 5 Non-Critical Bulletins Tuesday

Microsoft's Security Response Center is working on five non-critical security bulletins for release next Tuesday, the company said late Thursday as part of its newly public Security Bulletin Advance Notification program.

The most severe flaws in next week's "Patch Tuesday" batch will address "important" security problems, and some of the security updates may require a restart. Microsoft uses the "important" rating for vulnerabilities that could result in compromise of the confidentiality, integrity or availability of users data or of the integrity or availability of processing resources.

Microsoft's advance warning doesn't mention which platforms may be affected by the bulletins.

Microsoft has one highly public outstanding issue involving Microsoft WINS that company officials have confirmed they are working on fixing. In late November, security experts warned users to lock down unused ports after an exploit surfaced for an unpatched flaw in WINS.

The company issued a rare out-of-cycle patch on Dec. 1 for an even higher profile issue -- the critical Internet Explorer flaw that was being exploited through compromised Web banner servers. Normally Microsoft only releases patches on the second Tuesday of each month. The cumulative patch for IE was only the fourth time Microsoft has broken out of that schedule since switching to the monthly schedule in late 2003.

Taking Signups for New Notification Service

Also on Thursday, Microsoft began taking signups for what it calls the Microsoft Security Notification Service: Comprehensive Version. The e-mail service consists of e-mail notification of the advance notification of upcoming security bulletins and notifications of minor changes to previously released bulletins.

Click here to view the advance security notification for December and to find the link to sign up for the new notification service.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.