More Windows patches coming next week

Article

More Windows patches coming next week

Bill Brenner, Senior News Writer
For IT administrators who thought this week's out-of-cycle ANI fix was all the Windows patching they'd be doing this month, Microsoft has a message: Think again.

The software giant released its monthly Patch Tuesday preview on its TechNet Web site Thursday, saying it plans to put out five security updates next week -- four additional Windows fixes as well as one for the Microsoft Content Management Server. Some of the updates will address critical flaws.

As it does every month, Microsoft will also release an update of its Windows Malicious Software Removal Tool and will hold a Webcast Wednesday at 11 a.m. Pacific Time to address customer questions regarding this month's fixes. Customers can tune in to the Webcast via the Microsoft Web site.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Windows ANI flaw:
Windows ANI patch problems reported: Some IT administrators are having trouble installing the Windows ANI patch. Meanwhile, the researcher who discovered the flaw said Firefox is also vulnerable.

Microsoft releases patch for Windows ANI flaw: Security companies are seeing massive attacks against the Windows ANI zero-day flaw, prompting Microsoft to rush out a fix a week before Patch Tuesday.

Microsoft warns of Windows zero-day; third-party fix released: Attackers are exploiting a new zero-day flaw in Windows, Microsoft confirmed Thursday. eEye Digital Security has released a temporary patch.

While it doesn't expect any changes, Microsoft said the number of bulletins, products affected, restart information and severities are subject to change until released.

Microsoft released no patches last month, though IT administrators were preoccupied with patches to address the earlier-than-usual start to daylight-saving time (DST), which began March 11.

More recently, IT shops have been busy installing the patch Microsoft released this week in its MS07-017 bulletin to fix a glitch in how Windows handles animated cursor (.ani) files. It was released a week ahead of schedule because the flaw has been attacked on a massive scale.

Microsoft confirmed last week that attackers could exploit it to run malicious commands on a victim's machine. The flaw can be exploited when users visit a malicious Web site or open a tainted email attachment. Users are at risk even if they are browsing with Internet Explorer 7 on a system running Windows Vista. Most versions of Windows are vulnerable.

San Jose-Calif.-based Secure Computing said Thursday it has identified more than 100 different malware codes designed to exploit the Windows ANI weaknesses. The vendor has determined that at least one source of malware originates from the same server that was used to launch the Super Bowl exploits in February.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top