News Stay informed about the latest enterprise technology news and product updates.

Microsoft plans two Windows security updates

Microsoft plans to release security updates next week for critical and important flaws in various versions of Windows, including Windows XP SP2 and Vista.

Microsoft is starting the year off with a lighter-than-usual patch release, with two security updates scheduled for release on Tuesday.

The software giant said in its Patch Tuesday advance bulletin that it will release one critical bulletin and one important bulletin, both for flaws in Windows.

Microsoft security bulletin:

Microsoft fixes critical DirectX, Windows and IE flaws
: Microsoft's December 2007 security update includes seven patch bulletins -- three of them critical -- for flaws in various versions of Windows, IE and DirectX.

Inside MSRC: Message Block and queuing patches explored: Microsoft's Bill Sisk explains patches that address vulnerabilities in Server Message Block Version 2 and Microsoft Message Queuing (MSMQ).

Microsoft warns of Windows zero-day: Attackers could exploit a zero-day flaw in Windows' Web Proxy Auto-Discovery (WPAD) feature to access sensitive data, Microsoft warned.

According to the advance bulletin, the critical update will affect a variety of Windows versions, including Windows XP SP2, Vista, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2.

The important update will affect Windows 2000 Service Pack 4, Windows XP SP2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2.

Microsoft typically assigns the critical rating to flaws whose exploitation could allow for the propagation of a malware attack without user action. The important rating usually goes to flaws whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data or of the integrity or availability of processing resources.

As is the case each month, an update of Microsoft's Windows Malicious Software Removal Tool will accompany the release of the security patches. The update will be delivered via Windows Update (WU), Microsoft Update (MU), Windows Server Update Services (WSUS), and the Download Center.

Microsoft will also release five non-security, high-priority updates via MU and WSUS; and two non-security, high-priority updates for Windows on WU and WSUS.

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.