Microsoft will release six updates for Windows, four for Office, and one for the .Net Framework. At least one each of the Windows and Office updates will be labeled "critical," Microsoft's highest warning rank.
Microsoft Corp. will release 11 security updates next week, marking the third time in the last five months that it has posted a double-digit number of patches, the company said Thursday.
In the advance notification posted on its Web site, Microsoft said it would release 6 updates for Windows, 4 for Microsoft Office, and 1 for the .Net Framework. At least one each of the Windows and Office updates will be labeled "critical," Microsoft's highest warning rank.
Although the Redmond, Wash.-based developer unveiled only 4 updates last month, it posted 12 in August and another dozen in June. With the 11 expected Tuesday, Oct. 10, Microsoft will have released 66 security bulletins thus far in the year, nearly matching 2002's record 69 updates, but with two months still to go.
Microsoft doesn't disclose the exact components, services, or applications to be patched prior to update delivery, but both Windows and Office have outstanding vulnerabilities that are currently being exploited by attackers. A pair of Internet Explorer flaws may be patched Tuesday, and it's likely that a bug in PowerPoint will also be fixed. Previously, Microsoft promised that one of the browser bugs would be patched in the October batch.
That flaw, which is in a Windows ActiveX control called "WebViewFolderIcon," may be one of those marked critical by Microsoft. An advisory posted Wednesday by California-based vendor eEye Digital Security slapped the same rating on the bugvulnerability because criminals were already using it to plant malware on users' PCs.
October's updates will be available for manual download from the Microsoft Web site on Tuesday at approximately 10 a.m. PDT. Automatic updates to users' computers will begin shortly after that.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.