Microsoft plans two Windows security updates

By SearchSecurity.com Staff 03 Jan 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft is starting the year off with a lighter-than-usual patch release, with two security updates scheduled for release on Tuesday.

The software giant said in its Patch Tuesday advance bulletin that it will release one critical bulletin and one important bulletin, both for flaws in Windows.

Microsoft security bulletin: December: Microsoft fixes critical DirectX, Windows and IE flaws: Microsoft's December 2007 security update includes seven patch bulletins -- three of them critical -- for flaws in various versions of Windows, IE and DirectX. Inside MSRC: Message Block and queuing patches explored: Microsoft's Bill Sisk explains patches that address vulnerabilities in Server Message Block Version 2 and Microsoft Message Queuing (MSMQ). Microsoft warns of Windows zero-day: Attackers could exploit a zero-day flaw in Windows' Web Proxy Auto-Discovery (WPAD) feature to access sensitive data, Microsoft warned.

According to the advance bulletin, the critical update will affect a variety of Windows versions, including Windows XP SP2, Vista, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2.

The important update will affect Windows 2000 Service Pack 4, Windows XP SP2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2.

Microsoft typically assigns the critical rating to flaws whose exploitation could allow for the propagation of a malware attack without user action. The important rating usually goes to flaws whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data or of the integrity or availability of processing resources.

As is the case each month, an update of Microsoft's Windows Malicious Software Removal Tool will accompany the release of the security patches. The update will be delivered via Windows Update (WU), Microsoft Update (MU), Windows Server Update Services (WSUS), and the Download Center.

Microsoft will also release five non-security, high-priority updates via MU and WSUS; and two non-security, high-priority updates for Windows on WU and WSUS.

Tags: Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary