Microsoft to patch flaws in Windows, Office

By Bill Brenner, Senior News Writer 09 Mar 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

After handing IT shops a heavy patch pile for February, Microsoft has opted for a lighter March, with two security updates scheduled for Tuesday. One will address a "critical" flaw in Microsoft Office. The other will address an "important" vulnerability in Windows.

The software giant posted advance notification of the upcoming fixes on its TechNet site Thursday. While the advisory mentions which programs will be patched, customers will have to wait until next week for details on what the security holes are and how attackers might exploit them.

Read about last month's fixes Exploits now out for latest Windows flaws Microsoft 'hearts' security pros with 'Patch Tuesday' updates

"Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released," Microsoft said in the advisory. As it does each month, the company said it will also update its Malicious Software Removal Tool.

Since November 2004, Microsoft has been giving customers advance warning of what to expect three business days ahead of Patch Tuesday. The company said at the time that customer feedback prompted it to start doing so.

But one IT professional worries the advance warning may be as useful to the digital underground as it is to Microsoft's customers.

"I wonder if advance notification can work against Microsoft, with hackers working overtime to exploit programs because they know they're going to be patched," said Gabriel Selmi, network administrator for Middletown, Conn.-based Advanced Behavioral Health Inc. "That does kind of worry me."

Still, he said, the patching process has come a long way. It no longer matters much to him how many patches are released from one month to the next.

"I used to worry about having a rough time and having to plan out the patch deployment process," he said. Now it's largely automated. Selmi said his department developed a more simplified patching process using Scottsdale, Ariz.-based PatchLink Corp.

Last month Microsoft issued seven security updates. Two critical flaws addressed in those updates affect Media Player and Internet Explorer.

Earlier this week, Microsoft was forced to issue a technical advisory warning that customers who apply some recent Windows Media Player 10 patches -- including one issued last month -- may experience the following issues when trying to seek, rewind or fast forward:

• The position slider may jump back to the start of the media file.
• Content playback may freeze, even though the status shows that the content is playing.

Microsoft offered these workarounds:

• If the server is running Microsoft Windows Server 2003 Service Pack 1 (SP1), disable the Advanced Fast Start feature on the publishing point.
• Make sure that the server-side playlist does not use the "clipBegin" element.

Tags: Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary