[ISN] Just 3 Microsoft Security Updates On Tap Next Week

From: InfoSec News (alerts@private)
Date: Mon Sep 11 2006 - 01:22:17 PDT


http://www.informationweek.com/news/showArticle.jhtml?articleID=192600577

By Gregg Keizer
TechWeb
Sept 7, 2006

Microsoft will ratchet back the number of security updates it releases
next week from August's record-tying 12 to just 3 for September, the
company told customers Thursday.

In the advance notification posted on its Web site, Microsoft said it
would release 2 updates for Windows and 1 for Office, the company's
industry-leading application suite. Only the Office update will be
pegged as "critical," Microsoft's highest warning rank.

The Redmond, Wash. developer also plans to roll out multiple
non-security updates classified as "high priority" to users via
Microsoft Update, Windows Update, Software Update Services (SUS), and
Windows Server Update Services (WSUS).

Microsoft doesn't disclose the exact components, services, or
applications to be patched prior to update delivery, but Word 2000 was
fingered this week for an unpatched vulnerability currently being
exploited by attackers, and the word processor might be quickly fixed.

According to eEye Digital Security, Windows 2000 also sports an
unpatched bug that "when exploited allows for remote code execution in
SYSTEM context allowing an attacker to take complete control of
affected systems."

It would be unlikely, however, that one of the two fixes for Windows
would address eEye's bug, since the latter has categorized the flaw as
"High" in severity; Microsoft said that the most dire label for the
Windows updates will be "Important," which places second in a
four-step ranking.

Another security vendor, Internet Security Systems (ISS) has a Windows
vulnerability open in its database; by ISS's account, the bug produces
a denial-of-service -- in other words a computer crash -- rather than
allow an attacker hijack. The bug affects several versions of Windows,
including fully-patched Windows XP SP2, Windows Server 2003, and
Windows 2000 machines.

September's updates will be available for manual download from the
Microsoft Web site on Tuesday, Sept. 12, around 10 a.m. PDT.

Last month, Microsoft released 12 updates that patched 23
vulnerabilities, 16 of which were judged as "critical." In the last
three months, the company has posted 31 updates and patched 63
different bugs.


_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/



This archive was generated by hypermail 2.1.3 : Mon Sep 11 2006 - 01:32:00 PDT