Three Windows Patches Coming Next Week

At least one of the three will be labeled "critical" Microsoft's highest threat rating.
Microsoft's getting right down to business. Next Tuesday, the first patch day of 2005, the Redmond, Wash.-based developer will fix a trio of flaws in Windows, the company said late Thursday.

At least one of the three will be labeled "critical," Microsoft's highest threat rating.

Microsoft now pre-announces upcoming security bulletins and patches as part of its Advance Notification service, but limits the information to the number of bulletins it will put out. The patches will debut Jan. 11.

Critical bugs are those Microsoft says can be exploited without any user interaction by automated malicious code. In other words, a worm. Examples of such hands-off worms in the past have been the destructive MSBlast of 2003 and Sasser of 2004.

The last critical vulnerability that Microsoft patched was one for Internet Explorer in early December 2004.

Late last month, security firms warned users about three unpatched vulnerabilities in Windows' LoadImage API function, its animated cursors, and in the way it handles help files. It's not known if any of the patches Microsoft plans to release next week plug these holes.

"No additional details about bulletin severities or vulnerabilities will be made available until Jan. 11, 2005," Microsoft stated in the online notification.

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Terry White, Associate Chief Analyst, Omdia
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer