Two Windows patches coming, IE fix uncertain

By Eric B. Parizo, News Editor 08 Dec 2005 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft will release two critical security updates for Windows next week, though it remains unclear whether either will fix an outstanding Internet Explorer issue that is currently the target of malicious code.

On its TechNet site today, Microsoft said its next scheduled "Patch Tuesday" release on Dec. 13 will feature a pair of bulletins affecting Windows, at least one of which is expected to be deemed critical.

Additionally, the software giant will release two non-security high-priority updates on Windows Update and Software Update Services (SUS), plus three other non-security high-priority updates via Windows Update and Windows Server Update Services (WSUS). Per usual, its malicious software removal tool will be updated as well.

Microsoft seems to be taking it easy on administrators as 2005 comes to a close. Last month it released just one critical update, a breeze compared with the nine patches it made available in October.

Though as it does each month, Microsoft included the following disclaimer: "Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released."

It remains to be seen whether Microsoft will address a memory corruption flaw in the browser that is currently the target of malicious Trojan.

"This issue was originally reported to the public in May as being a stability issue that caused the browser to close," the software giant said in an advisory on its Web site. "Since then, new information has been posted that indicates remote code execution could be possible. We have also been made aware of proof-of-concept code and malicious software targeting the reported vulnerability."

Microsoft warned in a subsequent advisory that TrojanDownloader.Win32/Delf-DH is targeting the flaw. "This Trojan is downloaded to a computer automatically when a user visits certain Web sites," Microsoft said.

It indicated that an out-of-cycle patch security update may be necessary, causing speculation that Microsoft may release a patch prior to this coming Tuesday. However, no such update has yet been released.

Tags: Web Browser Security,  Windows Security: Alerts, Updates and Best Practices,  Malware, Viruses, Trojans and Spyware,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Browser Security Exploit code targets Internet Explorer zero-day display flaw InZero Systems launches hardware-based security gateway Web security firm ranks Firefox, Safari browsers as flaw prone Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology Web Browser Security Research Windows Security: Alerts, Updates and Best Practices Microsoft to address 12 vulnerabilities, IE display zero-day Exploit code targets Internet Explorer zero-day display flaw Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS Microsoft patches serious Windows kernel flaws Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Malware, Viruses, Trojans and Spyware The world's top 5 riskiest domains New Zeus spam poses as Social Security statements Increase in Gumblar backdoors poses FTP credential problems Hackers to sharpen malware, malicious software in 2010 iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary browser hijacker  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) honey monkey  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) NCSA  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary