Article

Two Windows patches coming, IE fix uncertain

Eric B. Parizo, Executive Editor

Microsoft will release two critical security updates for Windows next week, though it remains unclear whether either will fix an outstanding Internet Explorer issue that is currently the target of malicious code.

On its TechNet site

    Requires Free Membership to View

today, Microsoft said its next scheduled "Patch Tuesday" release on Dec. 13 will feature a pair of bulletins affecting Windows, at least one of which is expected to be deemed critical.

Additionally, the software giant will release two non-security high-priority updates on Windows Update and Software Update Services (SUS), plus three other non-security high-priority updates via Windows Update and Windows Server Update Services (WSUS). Per usual, its malicious software removal tool will be updated as well.

Microsoft seems to be taking it easy on administrators as 2005 comes to a close. Last month it released just one critical update, a breeze compared with the nine patches it made available in October.

Though as it does each month, Microsoft included the following disclaimer: "Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released."

It remains to be seen whether Microsoft will address a memory corruption flaw in the browser that is currently the target of malicious Trojan.

"This issue was originally reported to the public in May as being a stability issue that caused the browser to close," the software giant said in an advisory on its Web site. "Since then, new information has been posted that indicates remote code execution could be possible. We have also been made aware of proof-of-concept code and malicious software targeting the reported vulnerability."

Microsoft warned in a subsequent advisory that TrojanDownloader.Win32/Delf-DH is targeting the flaw. "This Trojan is downloaded to a computer automatically when a user visits certain Web sites," Microsoft said.

It indicated that an out-of-cycle patch security update may be necessary, causing speculation that Microsoft may release a patch prior to this coming Tuesday. However, no such update has yet been released.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: