[ISN] Microsoft Plans Two Patches Next Week
isn at c4i.org
Fri Mar 10 01:18:27 EST 2006
By Gregg Keizer
Mar 9, 2006
Microsoft on Thursday said it would release just two security patches
next week, five fewer than last month.
A fix for Microsoft Office, the Redmond, Wash.-based company's
business productivity suite, is on the calendar, as is a separate
patch for Windows. The former will be labeled "critical," Microsoft's
most serious warning, while the latter will be tagged as "important."
Microsoft assigns "critical" to security bulletins when it believes an
exploit of the vulnerability could be used to create a worm able to
spread without any user interaction .
As is its practice, Microsoft gave no additional details. Its advance
notifications  are meant only to "help customers plan for the
deployment of these security updates more effectively," the company
said in the alert.
Although the warning didn't offer clues on the problems to be patched,
eEye Digital Security  knows about one unfixed critical
vulnerability in Windows, while Danish vulnerability tracker Secunia
lists several unpatched Office problems. Because the latter, however,
hark back to 2003 and 2004, it's likely the Office issue has either
not yet been disclosed or has been kept quiet by its discoverer(s).
A single non-security, high-priority update will also be released via
Microsoft Update, said the alert, and the Windows Malicious Software
Removal Tool will, as usual, be refreshed.
Last month, Microsoft unveiled seven bulletins  for Windows,
Internet Explorer, Media Player, and PowerPoint. Two of the seven were
March's security bulletins, patches, and updates will be issued
Tuesday, March 14.
More information about the ISN