News
News
9/7/2006
02:29 PM
50%
50%

Just 3 Microsoft Security Updates On Tap Next Week

The next round of Microsoft security updates is considerably smaller than the last.

Microsoft will ratchet back the number of security updates it releases next week from August's record-tying 12 to just 3 for September, the company told customers Thursday.

In the advance notification posted on its Web site, Microsoft said it would release 2 updates for Windows and 1 for Office, the company's industry-leading application suite. Only the Office update will be pegged as "critical," Microsoft's highest warning rank.

The Redmond, Wash. developer also plans to roll out multiple non-security updates classified as "high priority" to users via Microsoft Update, Windows Update, Software Update Services (SUS), and Windows Server Update Services (WSUS).

Microsoft doesn't disclose the exact components, services, or applications to be patched prior to update delivery, but Word 2000 was fingered this week for an unpatched vulnerability currently being exploited by attackers, and the word processor might be quickly fixed.

According to eEye Digital Security, Windows 2000 also sports an unpatched bug that "when exploited allows for remote code execution in SYSTEM context allowing an attacker to take complete control of affected systems."

It would be unlikely, however, that one of the two fixes for Windows would address eEye's bug, since the latter has categorized the flaw as "High" in severity; Microsoft said that the most dire label for the Windows updates will be "Important," which places second in a four-step ranking.

Another security vendor, Internet Security Systems (ISS) has a Windows vulnerability open in its database; by ISS's account, the bug produces a denial-of-service -- in other words a computer crash -- rather than allow an attacker hijack. The bug affects several versions of Windows, including fully-patched Windows XP SP2, Windows Server 2003, and Windows 2000 machines.

September's updates will be available for manual download from the Microsoft Web site on Tuesday, Sept. 12, around 10 a.m. PDT.

Last month, Microsoft released 12 updates that patched 23 vulnerabilities, 16 of which were judged as "critical." In the last three months, the company has posted 31 updates and patched 63 different bugs.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 Digital Issue, April 2015
The 27th annual ranking of the leading US users of business technology
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of April 19, 2015.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.