Microsoft Plans Four 'Critical' Security Bulletins Next Week - InformationWeek
IoT
IoT
Software // Operating Systems
News
9/5/2008
02:38 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft Plans Four 'Critical' Security Bulletins Next Week

The four bulletins are titled "Windows Media Player Bulletin," "Windows Bulletin," "Windows Media Encoder Bulletin," and "Office Bulletin."

Microsoft plans to release four security fixes next week as part of its regularly scheduled patch day, which this month falls on Tuesday, September 9.

All four of the Security Bulletins are designated 'critical' because they involve the possibility of remote code execution.

The four bulletins are titled "Windows Media Player Bulletin," "Windows Bulletin," "Windows Media Encoder Bulletin," and "Office Bulletin."

Though there are only four bulletins, far fewer than the 11 released last month, the September patch cycle won't be a cakewalk. The "Windows Bulletin" covers many vulnerabilities in different software components.

Two of the bulletins are related to Windows Media software, Media Player 11 and the Media Encoder. Media files have become a common attack vector because it's generally easier to trick someone into opening a malicious Paris Hilton video than, say, a malicious Paris Hilton Visio file.

Next month, Microsoft plans to begin providing additional information to business professionals and security vendors to help make security patches easier to understand and to prioritize.

Starting with its October patch cycle, Microsoft will rate the likelihood that vulnerabilities will be exploited using the Microsoft Exploitability Index. Vulnerabilities will be rated using one of three designations: Consistent Exploit Code Likely, Inconsistent Exploit Code Likely, and Functioning Exploit Code Unlikely. The aim is to help IT professionals figure out which patches should be applied immediately.

Microsoft will also begin providing security information to large third-party security companies in advance of official publication through the Microsoft Active Protections Program.

The two new programs are part of Microsoft's six-year-old Trustworthy Computing initiative.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll