If you were hoping to get by without patching your Windows systems for a second month in a row, prepare to be...
Microsoft said on its TechNet site that a sizable batch of updates will be issued Tuesday to plug security holes in Windows, Office, MSN Messenger and Exchange. The software giant won't offer details on the vulnerabilities until then, but it does expect to release:
- Five bulletins affecting Windows, some or all of them for critical flaws;
- One critical bulletin affecting Microsoft Office;
- One critical bulletin affecting MSN Messenger; and
- One critical bulletin affecting Microsoft Exchange.
That day the company also plans to release an updated version of the Windows Malicious Software Removal Tool on Windows Update and the Download Center and two "non-security high-priority" updates for Windows on the Windows Update site.
It's unclear if any updates will address two critical vulnerabilities in Internet Explorer, Outlook and other Microsoft programs brought to light April 1 by Aliso Viejo, Calif.-based eEye Digital Security.
eEye said the first vulnerability "allows malicious code to be executed, contingent upon minimal user interaction," and affects Internet Explorer, Outlook and "additional miscellaneous titles." Operating systems affected are all versions of Windows NT 4.0, Windows 2000 and Windows XP. It remains to be determined if Windows 2003 is affected, the firm said.
The second vulnerability has the same damage potential and also affects IE and Outlook, though it's still unclear which versions of the Windows operating system are vulnerable.
A Microsoft spokeswoman confirmed Friday that the company is investigating the flaws eEye brought to its attention.
IT administrators got a rare break from Windows patching last month. The last time Microsoft skipped a month of patch releases before that was December 2003.