After months of hefty security updates, Microsoft is planning a lighter load this month, with only two patch bulletins scheduled for next week. Both updates affect flaws in multiple versions of Windows, with one rated critical and the other important, the software giant said in the advance November security bulletin on its TechNet Web site.
The security updates will address multiple unspecified vulnerabilities remote and local attackers could exploit to compromise targeted machines, and will affect all supported versions of Windows 2000, Windows XP and Windows Server 2003.
Microsoft has suggested its November security updates will address a zero-day flaw in the Macrovision SafeDisc (secdrv.sys) copy protection software embedded in Windows Server 2003 and Windows XP, which attackers have actively targeted in recent weeks. Security experts have also speculated that Microsoft will address a threat affecting customers using Windows XP with Internet Explorer 7 installed. The latter issue comes into play when attackers attempt to exploit a flaw in Adobe Reader and Adobe Acrobat Standard, Professional and Elements 8.1.
Microsoft will also release three non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS), and will update its Malicious Software Removal Tool, as it does every month.
Microsoft will also host a Webcast to address patching questions Wednesday, Nov. 14 at 11 a.m. Pacific Time.