
Microsoft Plans Six Security Updates, Two For Windows Vista

Among the security updates coming in next week's Patch Tuesday are two for Windows Vista flaws and one for Internet Explorer.

Gearing up for next week's Patch Tuesday release, Microsoft announced Thursday that it's preparing six security updates -- four of them for critical bugs.

One security update actually can patch multiple vulnerabilities, so it's unclear at this point how many flaws next week's releases will fix. Microsoft, though, did announce in its Security Bulletin Advance Notification that each of the four critical updates will affect Windows software, while only one affects Internet Explorer. Another one will address issues in Outlook Express, as well as Windows Mail.

One critical vulnerability affects Windows Mail in Windows Vista and Windows Vista x64 edition. There is another patch for Windows Vista that's rated "moderate."

All of the critical bugs being fixed enable remote code execution, meaning that a remote hacker could take over an affected system.

The one security bulletin that received Microsoft's second-highest threat rating of "important" affects the Office application suite, as well as Microsoft Visio, which is diagramming software. The flaw being fixed also enables remote code execution. It's not yet clear why this is not a critical flaw, as nearly all remote code execution vulnerabilities are rated that way.

The "moderate" security bulletin affects a bug in Windows that causes information disclosure.

Johannes Ullrich, CTO for the Internet Storm Center, a cooperative cyberthreat-monitoring and alert system, said this seems like an average size patch release for Microsoft -- slightly less than last month when Microsoft released seven bulletins in its monthly patch release. He is hoping, though, that several of the outstanding Internet Explorer flaws are fixed in the June 12 release.

"There are about six publicly known IE bugs out there," he added in an interview. "Typically, Microsoft issues patches that fix multiple bugs. Last month, four vulnerabilities were fixed with one IE patch. That would be good."

Ullrich also is hoping that Microsoft patches several outstanding Office vulnerabilities. "It's definitely one of the issues that keeps bugging users," he said. "We haven't seen any of them widely used yet. They're being used in smaller, targeted attacks."
