Microsoft will ratchet back the number of security updates it releases next week from August's record-tying 12 to just 3 for September, the company told customers Thursday.
In the advance notification posted on its Web site, Microsoft said it would release 2 updates for Windows and 1 for Office, the company's industry-leading application suite. Only the Office update will be pegged as "critical," Microsoft's highest warning rank.
The Redmond, Wash. developer also plans to roll out multiple non-security updates classified as "high priority" to users via Microsoft Update, Windows Update, Software Update Services (SUS), and Windows Server Update Services (WSUS).
Microsoft doesn't disclose the exact components, services, or applications to be patched prior to update delivery, but Word 2000 was fingered this week for an unpatched vulnerability currently being exploited by attackers, and the word processor might be quickly fixed.
According to eEye Digital Security, Windows 2000 also sports an unpatched bug that "when exploited allows for remote code execution in SYSTEM context allowing an attacker to take complete control of affected systems."
It would be unlikely, however, that one of the two fixes for Windows would address eEye's bug, since the latter has categorized the flaw as "High" in severity; Microsoft said that the most dire label for the Windows updates will be "Important," which places second in a four-step ranking.
Another security vendor, Internet Security Systems (ISS) has a Windows vulnerability open in its database; by ISS's account, the bug produces a denial-of-service -- in other words a computer crash -- rather than allow an attacker hijack. The bug affects several versions of Windows, including fully-patched Windows XP SP2, Windows Server 2003, and Windows 2000 machines.
Last month, Microsoft released 12 updates that patched 23 vulnerabilities, 16 of which were judged as "critical." In the last three months, the company has posted 31 updates and patched 63 different bugs.