News

Four Critical Fixes on Tap for Tuesday

The Microsoft Security Response Center (MSRC) plans to publish six security bulletins next Tuesday, according to Thursday's advance notification.

Four of the six updates will address "Critical" issues. The remaining two are expected to be of "Important" and "Moderate" severity, Microsoft said.

Redmond's advance notification lumped the bulletins into several groups. Five of the bulletins -- including all four critical bulletins -- will concern different versions of Windows. Of these, two will affect both Windows and other Microsoft products, namely Internet Explorer, Outlook Express, and Microsoft Mail.

A sixth security bulletin will address a Remote Code Execution (RCE) vulnerability in both Office and Visio.

Speaking of remote code execution, all but one of next week's bulletins will address potential RCE exploits, according to the MSRC. The sole outstanding vulnerability stems from a potential information disclosure risk, Microsoft said. That vulnerability -- which Microsoft rates at moderate severity -- affects Windows Vista and Windows Vista x64 edition only.

Elsewhere, the Internet Explorer RCE vulnerability is said to affect all supported versions of that product -- including Internet Explorer 7.0 (running on all Windows platforms, including Windows Vista).

Microsoft did not say which of next week's updates will require system restarts.

Redmond's Patch Tuesday festivities don't stop with these vulnerabilities, either. Microsoft announced plans to deliver seven non-security, high-priority updates (via Microsoft Update and Windows Server Update Services), although none will come via Windows Update and Software Update Services.

As usual, Microsoft is also prepping another version of its Windows Malicious Software Removal Tool.

Thursday's advance notification isn't always the last word in Patch Tuesday deliverables. Earlier this year, for example, Microsoft yanked several promised Windows patches from its Patch Tuesday payload. Redmond typically pulls a patch if it discovers problems during testing, or if it identifies other issues.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • Microsoft Opens Azure Sentinel Marketplace for Partner Solutions

    Microsoft recently announced preview releases of several Azure Sentinel improvements, including connectors for partner solutions within Azure Sentinel.

  • 2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • After High-Profile Attacks, Biden Calls for Better Software Security

    Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.