Six Windows fixes on the way

It's unclear if Tuesday's patches will address recently discovered flaws affecting Internet Explorer.

Windows-based IT shops can expect six security updates next week, Microsoft announced on its TechNet Web site Thursday.

While full details on the vulnerabilities won't be released until Tuesday, the software giant did confirm that the highest severity rating will be critical and that the updates will require a restart.

The company will also update its Malicious Software Removal tool on Windows Update (WU), Microsoft Update (MU), Windows Server Update Services (WSUS) and the Download Center.

The software giant will also issue one non-security, high-priority update for Windows on WU, MU, Software Update Services (SUS) and WSUS.

"Although we do not anticipate any changes, the number of bulletins,

More on Microsoft security

Read about last month's patch release and exploits that followed.

products affected, restart information and severities are subject to change until released," Microsoft said.

It's unclear if the upcoming fixes will address security holes that have come to light since Microsoft's July patch release.

The latest flaw was reported Monday by Aliso Viejo, Calif.-based eEye Digital Security. The company said attackers could exploit a flaw in multiple versions of Windows to launch malicious code. "A vulnerability in default installations of the affected software allows malicious code to be executed," iDefense said. The firm wouldn't divulge additional details, but said it is high severity and could be exploited remotely.

The vulnerability affects Internet Explorer, Windows 2000 and 2003; Windows XP and Windows XP SP1. eEye said workarounds are unlikely because the affected component can't be turned off, disabled or uninstalled.

Meanwhile, security consultant and author Michal Zalewski discovered flaws in how Internet Explorer handles .jpg images. Zalewski said attackers could exploit one of the flaws remotely to launch malicious code.

The researcher posted four proof-of-concept images on the Web that could be used to exploit the flaws. Each could be used to crash Internet Explorer, even if users have XP SP2. Two of the exploit images also cause memory and CPU problems.

Microsoft said it would comment on eEye's discovery after reviewing the advisory. The company has also said it's investigating Zalewski's findings.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close