Microsoft Plans Nearly Dozen Patches
This week's patch release targets may include high-profile flaws in Windows and Office.
Six of the patches - at least one deemed critical by Microsoft - affect Windows users, while four address vulnerabilities in Office, one of them critically important. Another security bulletin targets a moderate security risk in Microsoft's .NET (define) framework.
Although the advance notification includes no details on what vulnerabilities the patches intend to fix, Microsoft has said at least one patch will answer a Windows flaw exploited by malicious hackers.
Office users could find the solution to a security headache discovered in September. That problem focused on a PowerPoint vulnerability that opened the door to Trojan attacks. While the exploit was rated a limited risk by security vendors, the exploit included email which created a backdoor for hackers to steal private information.
Microsoft responded by suggesting PowerPoint users employ PowerPoint Viewer 2003.
While the software maker issued an out-of-cycle patch to stem the tide of Web sites using a VML exploit, some security groups unwilling to wait for Oct. 10 released a string of third-party patches to fill the gap.
The VML exploit prompted the creation of the Zeroday Emergency Response Team (ZERT), a group of experienced security researchers. ZERT issued a fix for the VML vulnerability, as well as the WebViewFolderIcon issue.
But ZERT was not alone in offering Windows users an alternative source for security patches.