05:30 PM
Connect Directly

Microsoft Plans To Patch 7 Flaws Next Week

At least two of the seven will be rated "critical," which by the company's definition means that the vulnerability can be remotely exploited.

Microsoft warned users Thursday that they needed to set aside time on Tuesday, Feb. 14, to deploy seven security bulletins, the most the Redmond, Wash.-based developer has released since October 2005.

In the monthly pre-patch notification it sends out five days prior to unveiling fixes, Microsoft said that at least two of the seven will be rated "Critical," which by the company's definition means that the vulnerability can be remotely exploited.

One of the critical bulletins affects Windows Media Player, said Microsoft, which as is its practice, offered no details on the bug. According to Danish-based vulnerability tracker Secunia, there are no critical flaws in Media Player outstanding, which might mean that the vulnerability is not known to hackers and so is not yet being exploited.

Four of the seven bulletins involve Windows; at least one is gauged "Critical" by Microsoft.

eEye Digital Security, a Aliso Viejo, Calif.-based company well-known for spotting Microsoft flaws, currently has four open Windows issues listed on its research page. The oldest was reported to and acknowledged by Microsoft in early May 2005. Secunia, meanwhile, claims that 26 unpatched bugs exist in Windows XP alone.

It's possible, although unlikely, that one or both of the two bugs acknowledged by Microsoft Tuesday in security advisories will be among those fixed next week. The company usually takes considerable time to develop and test its patches.

Two other bulletins, both labeled "Important," impact Microsoft Office, the company's popular business application suite. One of the pair affects both Windows and Office, phrasing that often means server software is involved.

Microsoft will also issue one non-security, high-priority update to Windows, and will update the Windows Malicious Software Removal Tool to, at the least, account for the Kama Sutra/MyWife/Nyxem worm that caused a stir last week.

A follow-up Webcast to explain the fixes and answer customer questions is scheduled for Feb. 15.

What details Microsoft's willing to divulge can be found in the advance notice posted on the company's Web site.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.