Microsoft previews a quiet May Patch Tuesday
By Miya Knights,
Microsoft has issued its Patch Tuesday preview, warning of four security updates next week.
Three of the patches are rated 'critical,' and relate to patching Windows, Word, Publisher as well as all of the vendor's anti-malware applications.
It's thought the critical patches will address vulnerabilities in Microsoft's word processor and desktop publishing software, while the third will likely address a bug that's existed in Microsoft's Jet Database Engine that can be traced back to 2005.
Microsoft itself only acknowledged they were critical bugs affecting the Windows component that provides data access to applications such as Microsoft Access and Visual Basic on 22 March. In a security advisory it said it had heard "public reports of very limited, targeted attacks" using Word documents to trigger the Jet Database bug, but later admitted it had not patched it sooner because it thought it already blocked the most obvious attack vectors.
In a Microsoft Security Response Centre (MSRC) blog posting, group operations manager, Mike Reavey said it might replace the version of Jet in Windows 2000, XP and Server 2003 SP1 to fix the flaws. But the Jet Database Engine included in Windows Vista, Windows Server 2003 SP2 and the just-released Windows XP SP3 is not vulnerable.
The pre-patch notice confirmed that the database update will replace Jet in Windows 2000, XP SP2 and Server 2003 SP1.
The only non-critical patch Microsoft said it would release will fix flaws in its anti-malware consumer and enterprise products. Microsoft called the flaw a "denial-of-service issue" in Antigen, Forefront Security, Windows Live OneCare and Windows Defender.
The security updates will replace the pre-patch notice next Tuesday 13 May around 1pm Eastern time (6pm BST).
Related Tags
advertisement
Latest Security Features
Lessons to learn from a year of data breaches
In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.
- Q&A: DNS inventor Paul Mockapetris
- Is the password ill-equipped for the modern world?
- Why is backing up given short shrift?
- Defending Europe against cyber attack
- The present and future of IT security
- I’m an IT manager, get me out of here!
- IT around the world: Russia
- Chinese web control an Olympic challenge for tech firms
- SOS Bletchley Park
Latest Security Reviews
Boston 3000GP - AMD Shanghai Server
Rating: 
- Fortinet FortiGate-3810A
- Clearswift MIMEsweeper Web Appliance ENW
- NetASQ U6000 UTM appliance
- AVG Internet Security SBS Edition 8.0
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
advertisement
Latest News Videos in Security
Video: Q&A with Richard Archdeacon, Symantec
PlayIT PRO speaks to Richard Archdeacon, director, global services, at the information security software vendor Symantec.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?