Four Critical Fixes on Tap for Tuesday

The Microsoft Security Response Center (MSRC) plans to publish six security bulletins next Tuesday, according to Thursday's advance notification.

Four of the six updates will address "Critical" issues. The remaining two are expected to be of "Important" and "Moderate" severity, Microsoft said.

Redmond's advance notification lumped the bulletins into several groups. Five of the bulletins -- including all four critical bulletins -- will concern different versions of Windows. Of these, two will affect both Windows and other Microsoft products, namely Internet Explorer, Outlook Express, and Microsoft Mail.

A sixth security bulletin will address a Remote Code Execution (RCE) vulnerability in both Office and Visio.

Speaking of remote code execution, all but one of next week's bulletins will address potential RCE exploits, according to the MSRC. The sole outstanding vulnerability stems from a potential information disclosure risk, Microsoft said. That vulnerability -- which Microsoft rates at moderate severity -- affects Windows Vista and Windows Vista x64 edition only.

Elsewhere, the Internet Explorer RCE vulnerability is said to affect all supported versions of that product -- including Internet Explorer 7.0 (running on all Windows platforms, including Windows Vista).

Microsoft did not say which of next week's updates will require system restarts.

Redmond's Patch Tuesday festivities don't stop with these vulnerabilities, either. Microsoft announced plans to deliver seven non-security, high-priority updates (via Microsoft Update and Windows Server Update Services), although none will come via Windows Update and Software Update Services.

As usual, Microsoft is also prepping another version of its Windows Malicious Software Removal Tool.

Thursday's advance notification isn't always the last word in Patch Tuesday deliverables. Earlier this year, for example, Microsoft yanked several promised Windows patches from its Patch Tuesday payload. Redmond typically pulls a patch if it discovers problems during testing, or if it identifies other issues.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.


  • Linux Apps Support Comes to Cameyo Virtual App Delivery Service

    Cameyo on Wednesday announced that its Virtual App Delivery service now supports Linux applications, expanding from Windows apps support.Cameyo's Virtual App Delivery service has extended its support to Linux applications, the company announced on Wednesday.

  • Rackspace-Hosted Exchange Service Gets Hit with Ransomware Attack

    Managed services provider Rackspace issued an announcement on Tuesday confirming that its hosted Microsoft Exchange e-mail service was disrupted by a ransomware attack. Rackspace's hosted Microsoft Exchange e-mail service was disrupted by a ransomware attacks, the managed services provider confirmed on Tuesday.

  • Microsoft Turns to Partners for Azure Kubernetes Service Boost

    In a joint statement by Microsoft and Isovalent on Monday, the two companies announced that Microsoft's Azure Kubernetes Service (AKS) will be receiving eBPF capabilities.

  • Microsoft Adds Privileged Identity Management Delegation to Azure Lighthouse

    The commercial release of Privileged Identity Management (PIM)-enabled Azure Lighthouse delegations is now available, Microsoft on Monday announced.