Microsoft previews a quiet May Patch Tuesday

Microsoft has issued its Patch Tuesday preview, warning of four security updates next week.

Three of the patches are rated 'critical,' and relate to patching Windows, Word, Publisher as well as all of the vendor's anti-malware applications.

It's thought the critical patches will address vulnerabilities in Microsoft's word processor and desktop publishing software, while the third will likely address a bug that's existed in Microsoft's Jet Database Engine that can be traced back to 2005.

Microsoft itself only acknowledged they were critical bugs affecting the Windows component that provides data access to applications such as Microsoft Access and Visual Basic on 22 March. In a security advisory it said it had heard "public reports of very limited, targeted attacks" using Word documents to trigger the Jet Database bug, but later admitted it had not patched it sooner because it thought it already blocked the most obvious attack vectors.

In a Microsoft Security Response Centre (MSRC) blog posting, group operations manager, Mike Reavey said it might replace the version of Jet in Windows 2000, XP and Server 2003 SP1 to fix the flaws. But the Jet Database Engine included in Windows Vista, Windows Server 2003 SP2 and the just-released Windows XP SP3 is not vulnerable.

The pre-patch notice confirmed that the database update will replace Jet in Windows 2000, XP SP2 and Server 2003 SP1.

The only non-critical patch Microsoft said it would release will fix flaws in its anti-malware consumer and enterprise products. Microsoft called the flaw a "denial-of-service issue" in Antigen, Forefront Security, Windows Live OneCare and Windows Defender.

The security updates will replace the pre-patch notice next Tuesday 13 May around 1pm Eastern time (6pm BST).

Email to a friend

Print this page

Social Bookmark this article: What is this?

Digg

Delicious

Reddit

StumbleUpon

Slashdot

Google

Facebook