Saturday, April 7, 2007

Patch Tuesday resumes with 'critical' Windows fix

Microsoft on Tuesday plans to release five security bulletins, four of which will address Windows flaws.

The bulletins, part of Microsoft's monthly patch cycle, will provide fixes for an undisclosed number of security vulnerabilities, Microsoft said on its Web site Thursday.

Earlier this week, the company rushed out a "critical" patch for Windows that fixed seven flaws in the operating system, including one that is being used in cyberattacks.

At least one of the four additional security alerts for Windows will be tagged "critical," Microsoft's highest severity rating. Security issues tagged as critical typically could allow an attacker to gain full control of an affected system with very little, if any, action by the user.

In addition to the Windows fixes, Microsoft plans to offer a patch for its Content Management Server. The product, designed to let organizations manage Web content, has a "critical" vulnerability, Microsoft said.

Microsoft has no patches on tap for Office, despite three vulnerabilities in the software that have been disclosed but have not yet been patched, according to eEye Security's zero-day flaw tracker. There are also two zero-day bugs in Windows, according to eEye. In addition, eEye has reported five flaws to Microsoft that have yet to be patched.

Also on Tuesday, Microsoft plans to release an updated version of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers.

Last month, Microsoft did not release any security bulletins. Microsoft gave no further information on the upcoming alerts, other than to state that some of the fixes may require restarting the computer or server.

No comments: