Software // Operating Systems
News
9/5/2008
02:38 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Microsoft Plans Four 'Critical' Security Bulletins Next Week

The four bulletins are titled "Windows Media Player Bulletin," "Windows Bulletin," "Windows Media Encoder Bulletin," and "Office Bulletin."

Microsoft plans to release four security fixes next week as part of its regularly scheduled patch day, which this month falls on Tuesday, September 9.

All four of the Security Bulletins are designated 'critical' because they involve the possibility of remote code execution.

The four bulletins are titled "Windows Media Player Bulletin," "Windows Bulletin," "Windows Media Encoder Bulletin," and "Office Bulletin."

Though there are only four bulletins, far fewer than the 11 released last month, the September patch cycle won't be a cakewalk. The "Windows Bulletin" covers many vulnerabilities in different software components.

Two of the bulletins are related to Windows Media software, Media Player 11 and the Media Encoder. Media files have become a common attack vector because it's generally easier to trick someone into opening a malicious Paris Hilton video than, say, a malicious Paris Hilton Visio file.

Next month, Microsoft plans to begin providing additional information to business professionals and security vendors to help make security patches easier to understand and to prioritize.

Starting with its October patch cycle, Microsoft will rate the likelihood that vulnerabilities will be exploited using the Microsoft Exploitability Index. Vulnerabilities will be rated using one of three designations: Consistent Exploit Code Likely, Inconsistent Exploit Code Likely, and Functioning Exploit Code Unlikely. The aim is to help IT professionals figure out which patches should be applied immediately.

Microsoft will also begin providing security information to large third-party security companies in advance of official publication through the Microsoft Active Protections Program.

The two new programs are part of Microsoft's six-year-old Trustworthy Computing initiative.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.