Microsoft Plans Nearly Dozen Patches

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
Critical vulnerabilities in Microsoft's (Quote) Windows operating system and the widely-used Office application suite are part of 11 patches slated to be released this week, according to a Microsoft.

Six of the patches -– at least one deemed critical by Microsoft -– affect Windows users, while four address vulnerabilities in Office, one of them critically important. Another security bulletin targets a moderate security risk in Microsoft's .NET (define) framework.

The 11 patches mark a resurgence in the number of security updates issued each month. While September saw just six security bulletins, it served as a breather from the 12 patches released in August.

Although the advance notification includes no details on what vulnerabilities the patches intend to fix, Microsoft has said at least one patch will answer a Windows flaw exploited by malicious hackers.

Monday Microsoft it would include a security update in response to proof-of-concept code able to exploit a flaw in the WebViewFolderIcon Active X control. The vulnerability cold enable malicious hackers to gain control of unpatched Windows 2000, Windows XP and Windows Server 2003 systems.

Office users could find the solution to a security headache discovered in September. That problem focused on a PowerPoint vulnerability that opened the door to Trojan attacks. While the exploit was rated a limited risk by security vendors, the exploit included email which created a backdoor for hackers to steal private information.

Microsoft responded by suggesting PowerPoint users employ PowerPoint Viewer 2003.

While the software maker issued an out-of-cycle patch to stem the tide of Web sites using a VML exploit, some security groups unwilling to wait for Oct. 10 released a string of third-party patches to fill the gap.

The VML exploit prompted the creation of the Zeroday Emergency Response Team (ZERT), a group of experienced security researchers. ZERT issued a fix for the VML vulnerability, as well as the WebViewFolderIcon issue.

But ZERT was not alone in offering Windows users an alternative source for security patches.

This article was first published on InternetNews.com. To read the full article, click here.

Submit a Comment

Loading Comments...