More Windows patches coming next week

In a preview of next week's monthly patch release, Microsoft said it plans to issue four more Windows updates on top of the ANI fix it rushed out this week.

For IT administrators who thought this week's out-of-cycle ANI fix was all the Windows patching they'd be doing this month, Microsoft has a message: Think again.

The software giant released its monthly Patch Tuesday preview on its TechNet Web site Thursday, saying it plans to put out five security updates next week -- four additional Windows fixes as well as one for the Microsoft Content Management Server. Some of the updates will address critical flaws.

As it does every month, Microsoft will also release an update of its Windows Malicious Software Removal Tool and will hold a Webcast Wednesday at 11 a.m. Pacific Time to address customer questions regarding this month's fixes. Customers can tune in to the Webcast via the Microsoft Web site.

Windows ANI flaw:
Windows ANI patch problems reported: Some IT administrators are having trouble installing the Windows ANI patch. Meanwhile, the researcher who discovered the flaw said Firefox is also vulnerable.

Microsoft releases patch for Windows ANI flaw
: Security companies are seeing massive attacks against the Windows ANI zero-day flaw, prompting Microsoft to rush out a fix a week before Patch Tuesday.

Microsoft warns of Windows zero-day; third-party fix released: Attackers are exploiting a new zero-day flaw in Windows, Microsoft confirmed Thursday. eEye Digital Security has released a temporary patch.

While it doesn't expect any changes, Microsoft said the number of bulletins, products affected, restart information and severities are subject to change until released.

Microsoft released no patches last month, though IT administrators were preoccupied with patches to address the earlier-than-usual start to daylight-saving time (DST), which began March 11.

More recently, IT shops have been busy installing the patch Microsoft released this week in its MS07-017 bulletin to fix a glitch in how Windows handles animated cursor (.ani) files. It was released a week ahead of schedule because the flaw has been attacked on a massive scale.

Microsoft confirmed last week that attackers could exploit it to run malicious commands on a victim's machine. The flaw can be exploited when users visit a malicious Web site or open a tainted email attachment. Users are at risk even if they are browsing with Internet Explorer 7 on a system running Windows Vista. Most versions of Windows are vulnerable.

San Jose-Calif.-based Secure Computing said Thursday it has identified more than 100 different malware codes designed to exploit the Windows ANI weaknesses. The vendor has determined that at least one source of malware originates from the same server that was used to launch the Super Bowl exploits in February.

Dig deeper on Security patch management and Windows Patch Tuesday news

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close