Establishing Digital Trust: Don't Sacrifice Security for Convenience
Microsoft plans to release nine bug patches next week for its monthly Patch Tuesday drop -- five of them biggies.
This month's collection of security bug fixes will be about average for Microsoft's regular monthly patch release. However, the company did ship two so-called "out-of-band" bug patches on July 28 to block exploits that were scheduled to be exposed the following day at the Black Hat security conference in Las Vegas.
Still, even with those two fixes, next week's patches aren't likely to match Microsoft's biggest bundle of fixes, which came with June's Patch Tuesday event.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iAlthough Microsoft does not detail bugs in advance of patch availability, it said today that August's collection of fixes primarily affects versions of Windows, including Windows 2000 Service Pack 4 (SP4), XP SP2 and SP3, and Vista, as well as Windows Server 2003 and 2008. Windows 7 is not on the list, however.
Additionally, some of the vulnerabilities affect Outlook Express versions 5.5 and 6, along with Windows Media Player 9, 10, and 11.
Meanwhile, one patch fixes critical holes in Microsoft Office for XP and Office 2003. The same patch also fixes holes in Visual Studio, in Internet Security and Acceleration Server, and in BizTalk Server.
One bonus is that this round of patches addresses a zero-day vulnerability that was discovered in mid-July -- too late for the July Patch Tuesday drop.
That bug, for which Microsoft has already released a workaround, is in the Office Web Components, used in publishing documents on a Web site.
Still, some security experts say, Microsoft has its work cut out for it.
"Despite Microsoft's best efforts to stay ahead of the attackers, zero-day vulnerabilities like the Office Web Components flaw are being actively discovered and targeted by attackers," Sheldon Malm, senior director of security strategy for security vendor Rapid7, said in an e-mail to InternetNews.com. "Rapid7 would not be surprised if yet another zero-day flaw surfaces in the following weeks, as has been the case in recent months."
Article courtesy of InternetNews.com