Just one patch from Microsoft next week

gallery

Microsoft is set to release just one update as part of its monthly round of security patches, due next Tuesday.

Last month, the software maker issued its largest ever ‘Patch Tuesday’ bulletin, containing eight fixes which addressed 28 vulnerabilities.

While details were scarce on exactly which flaws next week's patch would address, the security bulletin preview did say that the update had been given Microsoft's highest security rating of ‘critical’, and that it would address both server and desktop versions of its Windows operating system (OS).

The flaws could allow attackers to install unauthorised software on a victim’s computer, it added.

Despite the scant detail, there are a number of bugs affecting the Windows OS that Microsoft could be planning to fix.

In the last month alone, Microsoft warned about flaws uncovered in its TextConverter, WordPad and SQL Server database software.

Security vendor SecurityFocus said at the end of December that it had uncovered a remote code execution flaw in versions 9, 10 and 11 of Microsoft’s Windows Media Player running on Windows Vista or XP, which it outlined in a blog posting on its Bugtraq website.

Microsoft was quick to respond with a posting of its own on the Microsoft Security Centre blog, admitting that the code posted in the Bugtraq blog could crash the player, but dismissing SecurityFocus’s claim that it could compromise the security of the rest of a Windows system.

One recent flaw Microsoft won’t have to address was discovered in Internet Explorer 7 in December. The software maker deemed the vulnerability, which allowed hackers to install password-stealing software on affected PCs, to be so serious it rushed out a patch within eight days, outside of the regular round of monthly patching.

Email to a friend

Print this page