05:30 PM

Microsoft Plans To Patch 7 Flaws Next Week

At least two of the seven will be rated "critical," which by the company's definition means that the vulnerability can be remotely exploited.

Microsoft warned users Thursday that they needed to set aside time on Tuesday, Feb. 14, to deploy seven security bulletins, the most the Redmond, Wash.-based developer has released since October 2005.

In the monthly pre-patch notification it sends out five days prior to unveiling fixes, Microsoft said that at least two of the seven will be rated "Critical," which by the company's definition means that the vulnerability can be remotely exploited.

One of the critical bulletins affects Windows Media Player, said Microsoft, which as is its practice, offered no details on the bug. According to Danish-based vulnerability tracker Secunia, there are no critical flaws in Media Player outstanding, which might mean that the vulnerability is not known to hackers and so is not yet being exploited.

Four of the seven bulletins involve Windows; at least one is gauged "Critical" by Microsoft.

eEye Digital Security, a Aliso Viejo, Calif.-based company well-known for spotting Microsoft flaws, currently has four open Windows issues listed on its research page. The oldest was reported to and acknowledged by Microsoft in early May 2005. Secunia, meanwhile, claims that 26 unpatched bugs exist in Windows XP alone.

It's possible, although unlikely, that one or both of the two bugs acknowledged by Microsoft Tuesday in security advisories will be among those fixed next week. The company usually takes considerable time to develop and test its patches.

Two other bulletins, both labeled "Important," impact Microsoft Office, the company's popular business application suite. One of the pair affects both Windows and Office, phrasing that often means server software is involved.

Microsoft will also issue one non-security, high-priority update to Windows, and will update the Windows Malicious Software Removal Tool to, at the least, account for the Kama Sutra/MyWife/Nyxem worm that caused a stir last week.

A follow-up Webcast to explain the fixes and answer customer questions is scheduled for Feb. 15.

What details Microsoft's willing to divulge can be found in the advance notice posted on the company's Web site.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of April 19, 2015.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.