Microsoft Corp. last week has set seven security updates for release next Tuesday that target vulnerabilities in Windows, Internet Explorer, Outlook Express, Word and SharePoint. Of the seven bulletins expected Oct. 9, four will be rated “critical,” Microsoft’s highest ranking, while the remainder will be labeled “important,” the next-lower rating. What details Microsoft was willing to share prior to the patches’ debut were posted to the prepatch notification filed on the company’s Web site this morning.
“Looks like a pretty normal advance notification to me,” said Andre Protas, director of preview at eEye Digital Security.
Windows will account for three of the seven updates, and one of the four critical fixes. The solitary critical bulletin affects Windows 2000, Windows XP Home SP2 and Windows Server 2003, Microsoft said.
The three remaining critical updates will address one or more vulnerabilities in Outlook Express, the e-mail software bundled with Windows, and Windows Mail, Vista’s name for the program; Internet Explorer (IE); and Microsoft Word. Every version of IE will need a patch, according to the affected software section of the notice, including IE 7 on Vista, the edition Microsoft has repeatedly touted as its most secure browser ever.
While all versions of Outlook Express harbor a critical bug, as does Word 2000, the flaws in other flavors of Microsoft’s entry-level mail client and word processor were designated as important.
“The Word vulnerability is undoubtedly a file parsing bug,” said Andrew Storms, director of security operations at nCircle Network Security Inc., referring to the numerous flaws that Microsoft has patched in Office document formats since January 2006. “And the IE bug shows that Vista’s protections are not aiding the browser like Microsoft had hoped.
Read More via PC World
Popularity: 1% [?]
Entries (RSS)