[ISN] Windows, Office to get 'critical' fixes

From: InfoSec News (alerts@private)
Date: Thu Jan 04 2007 - 22:38:43 PST


By Joris Evers
Staff Writer, CNET News.com
January 4, 2007

As part of its monthly patch cycle, Microsoft plans to release on 
Tuesday eight security bulletins to plug holes in its software products.

The most serious problems are in the Windows operating system and Office 
productivity suite, Microsoft said in a heads-up on its Web site 
Thursday. Each of those two product families will get three security 
bulletins, some of which will be tagged as "critical," Microsoft's 
highest risk rating.

In addition, Microsoft in its advance notification separates out two 
more security bulletins, one for Windows and Visual Studio and one for 
Windows and Office. These will be rated "important," a notch lower on 
the the company's risk ranking.

Microsoft did not specify how many flaws Tuesday's updates will address 
or which components of its products will be fixed. eEye Digital Security 
on its Zero-Day Tracker Web site lists a total of eight zero-day 
vulnerabilities that Microsoft still has to address, with four each in 
Office and Windows.

Also on Tuesday, Microsoft plans to release an updated version of its 
Windows Malicious Software Removal Tool. The program detects and removes 
common malicious code placed on computers.

Last month, the software maker delivered seven security bulletins, three 
of which were deemed critical. Critical vulnerabilities typically can 
allow a worm to spread or allow a Windows system to be fully compromised 
with minor or no interaction from the person using it.

Microsoft gave no further information on the upcoming bulletins, other 
than stating that some of the fixes may require restarting the computer 
or server.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Thu Jan 04 2007 - 22:57:55 PST