Microsoft plans five updates for Windows and one for XML Core Services. At least two of the updates will be labeled "critical," Microsoft's highest warning rating.
Microsoft Corp. announced Thursday that it will release six security updates next week, including at least one to fix a vulnerability that attackers are already actively exploiting.
In the advance notification posted on its Web site mid-morning Thursday, Microsoft said it would release five updates for Windows and one targeting XML Core Services. At least two of the updates will be labeled "critical," Microsoft's highest warning rating.
Typically, the Redmond, Wash. developer doesn't disclose the exact components, services, or applications to be patched prior to delivering the updates on the second Tuesday of each month. But the fix for Microsoft XML Core Services, a flaw that's currently being attacked by hackers, was specifically called out in the advance alert.
Last weekend, Microsoft acknowledged that a bug in an ActiveX component of Microsoft XML Core Services 4.0 was being exploited; in a blog entry, a Microsoft Security Response Center program manager characterized the attacks as "limited."
One of the 11 October patches supposedly fixed a problem in XML Core Services, but at least one vulnerability was apparently missed then, said Minoo Hamilton, senior security researcher with patch management vendor nCircle, on Monday.
Other yet-to-be-patched flaws have been reported by Microsoft, including a bug in an ActiveX control in Visual Studio 2005. Several vulnerabilities in Internet Explorer, including IE 7, have also been disclosed recently.
Last month, Microsoft unveiled 10 updates, but the month before it rolled out only three. The six scheduled to land next week, however, will push the year's total to 71, just one shy of the all-time record of 72 security fixes in 2002.
The updates will be available for manual download from the Microsoft Web site on Tuesday, Nov. 14 at approximately 10 a.m. PDT. Automatic updates to users' computers will begin shortly after that.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.