Ten Windows security updates coming, some critical

By Bill Brenner, News Writer 09 Jun 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

IT administrators making the switch from Software Update Services [SUS] to the newly released Windows Server Update Services [WSUS] could be in for quite a test run next week.

Related news on Microsoft The window for Windows exploits is narrowing Windows security advisories draw mixed reviews

Days after Microsoft released WSUS and announced other changes to its software update process, the company told users to expect a full plate of patches Tuesday, some for critical security holes. On its TechNet Web site, Microsoft said it plans to release:

• Seven bulletins affecting Windows. Some updates will be critical and will require a restart. Five will be detectable using the Microsoft Baseline Security Analyzer (MBSA) and two can be detected with the Enterprise Scanning Tool (EST).
• One "moderate" bulletin affecting Windows and Microsoft Services for UNIX. These updates may require a restart and can be detected using MBSA and EST.
• One "important" bulletin affecting Microsoft Exchange. This update will not require a restart and will be detectable using MBSA and EST.
• One "moderate" bulletin affecting the Internet Security and Acceleration (ISA) Server and Small Business Server. These may require a restart and can be detected with EST.

Microsoft will also release an updated version of its Malicious Software Removal Tool on Windows Update, Microsoft Update, WSUS and the Download Center. The company doesn't plan to release non-security advisories, though it said that "the number of bulletins, products affected, restart information and severities are subject to change until released."
It's unclear if Tuesday's patch releases will address several unresolved security holes that have come to light since the beginning of April. They include:

• One in the Jet Database Engine brought to light by security research organization HexView. Attackers could use a memory handling error in the program to launch malicious code. Danish security firm Secunia said the flaw is "highly critical" because exploit code has been posted to a public mailing list. Secunia confirmed the vulnerability on a fully patched system with Microsoft Access 2003 and Windows XP SP1/SP2.
• Two vulnerabilities in Internet Explorer and Outlook reported by Aliso Viejo, Calif.-based eEye Digital Security. The first "allows malicious code to be executed, contingent upon minimal user interaction," eEye said, adding that the problem affects Internet Explorer, Outlook and "additional miscellaneous titles." The second vulnerability has the same damage potential and also affects IE and Outlook.

Tags: Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe When is it suitable to remove Java updates?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary