Microsoft Plans Four 'Critical' Security Bulletins Next Week

The four bulletins are titled "Windows Media Player Bulletin," "Windows Bulletin," "Windows Media Encoder Bulletin," and "Office Bulletin."

Thomas Claburn, Editor at Large, Enterprise Mobility

September 5, 2008

Microsoft plans to release four security fixes next week as part of its regularly scheduled patch day, which this month falls on Tuesday, September 9.

All four of the Security Bulletins are designated 'critical' because they involve the possibility of remote code execution.

The four bulletins are titled "Windows Media Player Bulletin," "Windows Bulletin," "Windows Media Encoder Bulletin," and "Office Bulletin."

Though there are only four bulletins, far fewer than the 11 released last month, the September patch cycle won't be a cakewalk. The "Windows Bulletin" covers many vulnerabilities in different software components.

Two of the bulletins are related to Windows Media software: Media Player 11 and the Media Encoder. Media files have become a common attack vector because it's generally easier to trick someone into opening a malicious Paris Hilton video than, say, a malicious Paris Hilton Visio file.

Next month, Microsoft plans to begin providing additional information to business professionals and security vendors to help make security patches easier to understand and to prioritize.

Starting with its October patch cycle, Microsoft will rate the likelihood that vulnerabilities will be exploited using the Microsoft Exploitability Index. Vulnerabilities will be rated using one of three designations: Consistent Exploit Code Likely, Inconsistent Exploit Code Likely, and Functioning Exploit Code Unlikely. The aim is to help IT professionals figure out which patches should be applied immediately.

Microsoft will also begin providing security information to large third-party security companies in advance of official publication through the Microsoft Active Protections Program.

The two new programs are part of Microsoft's six-year-old Trustworthy Computing initiative.
