Microsoft has revealed plans to release six patches for Windows: two are rated Critical as they may allow remote code execution, three are Important (privilege escalation) and one Moderate (information disclosure).
These patches are particularly serious for Windows 2000, where the highest severity rating is Critical. The other currently supported versions (XP, Vista, Server 2003 and Server 2008) have a maximum rating of Important.
Furthermore, only three of the issues apply to Vista and Server 2008.
But that's not the whole story. There's also an Internet Explorer bulletin that's rated Critical on all versions of Windows except Server 2008, where it is regarded as Moderate. The flaw is present in IE versions 5, 6, 7 and 8.
The other three new bulletins affect Word, Excel and Office, and each has a highest security rating of Critical (on Office 2000; the rating is reduced to Important for Office XP, 2003 and 2007).
Microsoft also plans to release an update to the MS09-017 bulletin from May, which identified an Office vulnerability but delivered fixes only for Office for Windows.
These updates "will be ready to go on Tuesday," according to Jerry Bryant of Microsoft's Security Response Center.
As usual, Microsoft will also release updates for the Malicious Software Removal Tool and the Windows Mail Junk E-Mail Filter, along with an Update Rollup for ActiveX Killbits.
There will also be cumulative updates for Media Center for Vista and Media Center TVPack for Vista.
What's not being fixed is the DirectShow vulnerability revealed in late May. Microsoft's still working on a production-quality fix, but believes the previously advised workaround provides reasonable protection for most users.
With significant updates coming for Windows, Internet Explorer and Office for Windows and Mac, Microsoft's update servers are likely to be in for a hammering on Tuesday.