News Stay informed about the latest enterprise technology news and product updates.

Expect 13 Windows patches, some critical

Microsoft will release patches Tuesday to fix critical security holes in Windows Media Player, MSN Messenger, Microsoft Office and Visual Studio.

IT administrators should plan for a very busy Patch Tuesday.

Microsoft said on its TechNet site that it expects to issue 13 security bulletins Tuesday, some of them for critical security holes in Windows Media Player, MSN Messenger, Microsoft Office and Visual Studio.

The software giant won't reveal full details of vulnerabilities to be patched until Tuesday afternoon. But Thursday it revealed that its patch release will address:

  • "Moderate" security holes affecting SharePoint Services and Office;
  • "Important" vulnerabilities in the .NET Framework;
  • One or more "critical" vulnerabilities affecting Microsoft Office and Visual Studio; and
  • One or more "critical" flaws in Windows, Windows Media Player and MSN Messenger.

Several media reports in the past month have mentioned vulnerabilities in Media Player. And Thursday several antivirus firms reported the appearance of two pieces of malicious code targeting MSN Messenger.

More on Microsoft and patching

Can we sue Microsoft for writing years of horrible code and for causing many of the today's infosec headaches?

Do you think that Microsoft is improving its patch management service as a part of their Trustworthy Computing Initiative?

PandaLabs of Glendale, Calif., was among those issuing an alert for Bropia-E and Gaobot-CTX, which displays a photo of a roast chicken with a bikini tan in its messages.

Bropia-E uses MSN Messenger to spread, disguising itself as an image file with a variable name "taken from a long list of options and a .pif or .scr extension," PandaLabs said. Examples include "bedroom-thongs.pif," "LMAO.pif" or "LOL.scr."

If the user runs the file, the sinister code sends itself out to all the contacts in MSN Messenger and creates various files on the computer, including one called "winhost.exe," which contains Gaobot-CTX.

Gaobot-CTX carries out the actions that pose the biggest threat to the computer, connecting to IRC channels and waiting for commands from a remote user, PandaLabs said. This allows the attacker to download "all kinds of files to the affected computer: spyware, adware, other viruses, etc."

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.