News

Four Critical Fixes on Tap for Tuesday

The Microsoft Security Response Center (MSRC) plans to publish six security bulletins next Tuesday, according to Thursday's advance notification.

Four of the six updates will address "Critical" issues. The remaining two are expected to be of "Important" and "Moderate" severity, Microsoft said.

Redmond's advance notification lumped the bulletins into several groups. Five of the bulletins -- including all four critical bulletins -- will concern different versions of Windows. Of these, two will affect both Windows and other Microsoft products, namely Internet Explorer, Outlook Express, and Microsoft Mail.

A sixth security bulletin will address a Remote Code Execution (RCE) vulnerability in both Office and Visio.

Speaking of remote code execution, all but one of next week's bulletins will address potential RCE exploits, according to the MSRC. The sole outstanding vulnerability stems from a potential information disclosure risk, Microsoft said. That vulnerability -- which Microsoft rates at moderate severity -- affects Windows Vista and Windows Vista x64 edition only.

Elsewhere, the Internet Explorer RCE vulnerability is said to affect all supported versions of that product -- including Internet Explorer 7.0 (running on all Windows platforms, including Windows Vista).

Microsoft did not say which of next week's updates will require system restarts.

Redmond's Patch Tuesday festivities don't stop with these vulnerabilities, either. Microsoft announced plans to deliver seven non-security, high-priority updates (via Microsoft Update and Windows Server Update Services), although none will come via Windows Update and Software Update Services.

As usual, Microsoft is also prepping another version of its Windows Malicious Software Removal Tool.

Thursday's advance notification isn't always the last word in Patch Tuesday deliverables. Earlier this year, for example, Microsoft yanked several promised Windows patches from its Patch Tuesday payload. Redmond typically pulls a patch if it discovers problems during testing, or if it identifies other issues.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • IBM Giving Orgs a Governance Lifeline in Agentic AI Era

    Nearly overnight, organizations are facing brand-new challenges caused by self-directed AI systems (a.k.a. agentic AI). Big Blue is extending them some help.

  • Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365

    Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365.

  • Microsoft Joins Workday's AI Agent Partner Network

    Microsoft has become a key partner in Workday's newly launched AI Agent Partner Network, aligning with other industry leaders to integrate AI agents into enterprise workforce systems.

  • LinkedIn CEO Ryan Roslansky To Lead Microsoft's Productivity Initiatives

    In a strategic leadership realignment, Microsoft has appointed LinkedIn CEO Ryan Roslansky to oversee its consumer and small business productivity software division, encompassing Microsoft 365, Teams and AI-driven tools like Copilot.

Most   Popular