Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Microsoft plans for six patches

Half a dozen for June Patch Tuesday.

By Gregg Keizer, Computerworld | Published: 13:30, 08 June 2007

Microsoft is to issue six security updates next week for Windows, Internet Explorer, Outlook Express, Windows Mail and Visio.

Four of the six bulletins scheduled for next Tuesday, will be ranked "critical" - Microsoft's highest threat rating- while one each will be labelled "important" and "moderate." Half of the batch affect Windows Vista, or one of its components, such as Internet Explorer 7 or Windows Mail; of the three Vista patches, two are pegged critical.

The advanced notification pinned Windows with three updates, Internet Explorer with one, Outlook Express and Windows Mail with one, and Visio 2002 and Visio 2003 with one.

This was the first early warning in the new, more detailed format that Microsoft promised last month when it said customers asked for additional information to plan their patching schedules. Each of the six expected updates was recapped with short description, severity rating, description of potential impact, whether the Baseline Security Analyzer will detect patch need, and the affected software.

A separate table broke down the last by Windows version or component, with individual entries, for instance, representing Windows XP SP2, Windows Vista, Windows Vista 64-bit, IE 6 for XP SP2, and IE 7 for Vista. If nothing else, this table gave users a much clearer picture of what is vulnerable, and how severe the bug may be for each edition of Windows. For example, the table showed that Vista will receive fixes for critical bugs in Vista's Internet Explorer 7 and Windows Mail.

Seven non-security updates classified "high priority" will also be released on Tuesday via Windows Update and Windows Server Update Services (WSUS), said Microsoft.

The exact number of vulnerabilities patched by each update - many of Microsoft's bulletins plug multiple holes - the nature of the vulnerability, and possible workarounds, however, remained missing. As before, users will have to wait until the bulletins are released for these details.

Even with the new information, it was impossible to predict all of Tuesday's results in advance. Microsoft's Visio 2002 and Visio 2003, for example, have no known unpatched vulnerabilities, so the bug was either found internally by Microsoft or reported privately to the company. Likewise with the Outlook Express/Windows Mail patch; Secunia ApS lists no known bug capable of remote code execution.

The improved clues, however, pointed to at least one open Windows bug. eEye Digital Security reported a remote code vulnerability in Windows 2000, XP, and Server 2003 to Microsoft in late March; those characteristics match one of the six bulletins planned for next week.

Assuming Microsoft releases all six updates, users will have faced 35 bulletins in the first half of 2007, three more than the 32 in the first six months last year.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.