Four Critical Fixes on Tap for Tuesday
- By Stephen Swoyer
- June 07, 2007
The Microsoft Security Response Center (MSRC) plans to publish six security bulletins next Tuesday, according to Thursday's advance notification.
Four of the six updates will address "Critical" issues. The remaining two are expected to be of "Important" and "Moderate" severity, Microsoft said.
Redmond's advance notification lumped the bulletins into several groups. Five of the bulletins -- including all four critical bulletins -- will concern different versions of Windows. Of these, two will affect both Windows and other Microsoft products, namely Internet Explorer, Outlook Express, and Microsoft Mail.
A sixth security bulletin will address a Remote Code Execution (RCE) vulnerability in both Office and Visio.
Speaking of remote code execution, all but one of next week's bulletins will address potential RCE exploits, according to the MSRC. The sole outstanding vulnerability stems from a potential information disclosure risk, Microsoft said. That vulnerability -- which Microsoft rates at moderate severity -- affects Windows Vista and Windows Vista x64 edition only.
Elsewhere, the Internet Explorer RCE vulnerability is said to affect all supported versions of that product -- including Internet Explorer 7.0 (running on all Windows platforms, including Windows Vista).
Microsoft did not say which of next week's updates will require system restarts.
Redmond's Patch Tuesday festivities don't stop with these vulnerabilities, either. Microsoft announced plans to deliver seven non-security, high-priority updates (via Microsoft Update and Windows Server Update Services), although none will come via Windows Update and Software Update Services.
As usual, Microsoft is also prepping another version of its Windows Malicious Software Removal Tool.
Thursday's advance notification isn't always the last word in Patch Tuesday deliverables. Earlier this year, for example, Microsoft yanked several promised Windows patches from its Patch Tuesday payload. Redmond typically pulls a patch if it discovers problems during testing, or if it identifies other issues.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.