Microsoft plans five updates for Windows and one for XML Core Services. At least two of the updates will be labeled "critical," Microsoft's highest warning rating.
Microsoft Corp. announced Thursday that it will release six security updates next week, including at least one to fix a vulnerability that attackers are already actively exploiting.
In the advance notification posted on its Web site mid-morning Thursday, Microsoft said it would release five updates for Windows and one targeting XML Core Services. At least two of the updates will be labeled "critical," Microsoft's highest warning rating.
Typically, the Redmond, Wash. developer doesn't disclose the exact components, services, or applications to be patched prior to delivering the updates on the second Tuesday of each month. But the fix for Microsoft XML Core Services, a flaw that's currently being attacked by hackers, was specifically called out in the advance alert.
Last weekend, Microsoft acknowledged that a bug in an ActiveX component of Microsoft XML Core Services 4.0 was being exploited; in a blog entry, a Microsoft Security Response Center program manager characterized the attacks as "limited."
One of the 11 October patches supposedly fixed a problem in XML Core Services, but at least one vulnerability was apparently missed then, said Minoo Hamilton, senior security researcher with patch management vendor nCircle, on Monday.
Other yet-to-be-patched flaws have been reported by Microsoft, including a bug in an ActiveX control in Visual Studio 2005. Several vulnerabilities in Internet Explorer, including IE 7, have also been disclosed recently.
Last month, Microsoft unveiled 10 updates, but the month before it rolled out only three. The six scheduled to land next week, however, will push the year's total to 71, just one shy of the all-time record of 72 security fixes in 2002.
The updates will be available for manual download from the Microsoft Web site on Tuesday, Nov. 14 at approximately 10 a.m. PDT. Automatic updates to users' computers will begin shortly after that.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.