Two Windows patches coming, IE fix uncertain

By Eric B. Parizo, News Editor 08 Dec 2005 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft will release two critical security updates for Windows next week, though it remains unclear whether either will fix an outstanding Internet Explorer issue that is currently the target of malicious code.

On its TechNet site today, Microsoft said its next scheduled "Patch Tuesday" release on Dec. 13 will feature a pair of bulletins affecting Windows, at least one of which is expected to be deemed critical.

Additionally, the software giant will release two non-security high-priority updates on Windows Update and Software Update Services (SUS), plus three other non-security high-priority updates via Windows Update and Windows Server Update Services (WSUS). Per usual, its malicious software removal tool will be updated as well.

Microsoft seems to be taking it easy on administrators as 2005 comes to a close. Last month it released just one critical update, a breeze compared with the nine patches it made available in October.

Though as it does each month, Microsoft included the following disclaimer: "Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released."

It remains to be seen whether Microsoft will address a memory corruption flaw in the browser that is currently the target of malicious Trojan.

"This issue was originally reported to the public in May as being a stability issue that caused the browser to close," the software giant said in an advisory on its Web site. "Since then, new information has been posted that indicates remote code execution could be possible. We have also been made aware of proof-of-concept code and malicious software targeting the reported vulnerability."

Microsoft warned in a subsequent advisory that TrojanDownloader.Win32/Delf-DH is targeting the flaw. "This Trojan is downloaded to a computer automatically when a user visits certain Web sites," Microsoft said.

It indicated that an out-of-cycle patch security update may be necessary, causing speculation that Microsoft may release a patch prior to this coming Tuesday. However, no such update has yet been released.

Tags: Web Browser Security,  Windows Security: Alerts, Updates and Best Practices,  Malware, Viruses, Trojans and Spyware,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Browser Security Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology New Bahama botnet evades search engines, fuels click fraud SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches Web Browser Security Research Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS Malware, Viruses, Trojans and Spyware iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary browser hijacker  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) honey monkey  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) NCSA  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary