Just 3 Microsoft Security Updates On Tap Next Week - InformationWeek
02:29 PM

Just 3 Microsoft Security Updates On Tap Next Week

The next round of Microsoft security updates is considerably smaller than the last.

Microsoft will ratchet back the number of security updates it releases next week from August's record-tying 12 to just 3 for September, the company told customers Thursday.

In the advance notification posted on its Web site, Microsoft said it would release 2 updates for Windows and 1 for Office, the company's industry-leading application suite. Only the Office update will be pegged as "critical," Microsoft's highest warning rank.

The Redmond, Wash. developer also plans to roll out multiple non-security updates classified as "high priority" to users via Microsoft Update, Windows Update, Software Update Services (SUS), and Windows Server Update Services (WSUS).

Microsoft doesn't disclose the exact components, services, or applications to be patched prior to update delivery, but Word 2000 was fingered this week for an unpatched vulnerability currently being exploited by attackers, and the word processor might be quickly fixed.

According to eEye Digital Security, Windows 2000 also sports an unpatched bug that "when exploited allows for remote code execution in SYSTEM context allowing an attacker to take complete control of affected systems."

It would be unlikely, however, that one of the two fixes for Windows would address eEye's bug, since the latter has categorized the flaw as "High" in severity; Microsoft said that the most dire label for the Windows updates will be "Important," which places second in a four-step ranking.

Another security vendor, Internet Security Systems (ISS) has a Windows vulnerability open in its database; by ISS's account, the bug produces a denial-of-service -- in other words a computer crash -- rather than allow an attacker hijack. The bug affects several versions of Windows, including fully-patched Windows XP SP2, Windows Server 2003, and Windows 2000 machines.

September's updates will be available for manual download from the Microsoft Web site on Tuesday, Sept. 12, around 10 a.m. PDT.

Last month, Microsoft released 12 updates that patched 23 vulnerabilities, 16 of which were judged as "critical." In the last three months, the company has posted 31 updates and patched 63 different bugs.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll