For IT administrators who thought this week's out-of-cycle ANI fix was all the Windows patching they'd be doing...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
this month, Microsoft has a message: Think again.
The software giant released its monthly Patch Tuesday preview on its TechNet Web site Thursday, saying it plans to put out five security updates next week -- four additional Windows fixes as well as one for the Microsoft Content Management Server. Some of the updates will address critical flaws.
As it does every month, Microsoft will also release an update of its Windows Malicious Software Removal Tool and will hold a Webcast Wednesday at 11 a.m. Pacific Time to address customer questions regarding this month's fixes. Customers can tune in to the Webcast via the Microsoft Web site.
While it doesn't expect any changes, Microsoft said the number of bulletins, products affected, restart information and severities are subject to change until released.
Microsoft released no patches last month, though IT administrators were preoccupied with patches to address the earlier-than-usual start to daylight-saving time (DST), which began March 11.
More recently, IT shops have been busy installing the patch Microsoft released this week in its MS07-017 bulletin to fix a glitch in how Windows handles animated cursor (.ani) files. It was released a week ahead of schedule because the flaw has been attacked on a massive scale.
Microsoft confirmed last week that attackers could exploit it to run malicious commands on a victim's machine. The flaw can be exploited when users visit a malicious Web site or open a tainted email attachment. Users are at risk even if they are browsing with Internet Explorer 7 on a system running Windows Vista. Most versions of Windows are vulnerable.
San Jose-Calif.-based Secure Computing said Thursday it has identified more than 100 different malware codes designed to exploit the Windows ANI weaknesses. The vendor has determined that at least one source of malware originates from the same server that was used to launch the Super Bowl exploits in February.