Security Management Strategies for the CIOMicrosoft Thursday released a revamped, more in-depth advance notice on what IT administrators can expect for security patches next week. If nothing changes between now and Tuesday, six security bulletins will be released to address flaws in Windows 2000, XP and Vista; Internet Explorer (IE) 6 and 7; Microsoft Office; Outlook Express and Windows Mail.
In the
Requires Free Membership to View
advance notice on Microsoft's TechNet site, the software giant said it intends to release four critical updates for Windows, IE, Outlook Express and Windows Mail, which comes with Vista. Microsoft said attackers could exploit all the critical flaws to launch malicious code remotely, and several of them affect IE 7 on both Windows XP and Vista.
One "important" update will address flaws in Microsoft Office and Visio communication suite. Though it's not rated critical, Microsoft said this issue could also be used by an attacker to launch malicious code remotely.
One "moderate" update will address an information disclosure flaw in Vista, Microsoft said.
As it does every month, Microsoft will also update its Malicious Software removal tool and hold a Webcast on the June patches on Wednesday. Meanwhile, Microsoft plans to release seven non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
It remains to be seen if Tuesday's patches will address some zero-day flaws that have surfaced since the May updates.
Earlier this week, vulnerability researcher Michael Zalewski published details of four new zero-day flaws in both Firefox and Internet Explorer (IE) attackers could exploit to log keystrokes, download malware and steal cookies.
And last month, Microsoft confirmed it was looking into reports of a new Office zero-day flaw attackers could exploit to cause a denial of service or run malicious code on targeted Windows machines.
Microsoft recently announced changes to its update process, adding new details about upcoming security updates in its Advance Notification Service, which is issued every Thursday before Patch Tuesday.
Join the conversationComment
Share
Comments
Results
Contribute to the conversation