Computerworld - Even though it rushed out an emergency patch this week for the Windows animated cursor (ANI) flaw, Microsoft Corp. still has five more updates for customers next week, the company said today as it pre-announced fixes for flaws in Windows and Content Management Server.
But a two-month-old zero-day bug in Microsoft Word that has already been exploited by attackers is not on the list.
Four of the five bulletins scheduled to debut on Tuesday involve Windows, while the fifth patches Microsoft Content Management Server, a discontinued Web filtering server. At least one of the Windows updates will be rated critical, the highest threat ranking in Microsoft's four-step scoring system. The Content Management Server bug, meanwhile, will also be pegged as critical.
Additionally, several nonsecurity updates Microsoft classifies as high priority will also be released on Tuesday, according to the advance notification posted to the firm's site.
As usual, Microsoft did not disclose details about the updates. But because no patches were unveiled last month, there are several suspects that may be fixed next week. The SANS Institute's up-to-date missing patches table, for instance, lists 13 issues that need attention. eEye Digital Security Inc. of Aliso Viejo, Calif., also tracks unpatched Windows vulnerabilities but has less than half that number on its Zero-Day Tracker site.
Missing from the April 10 patch batch is a fix for a flaw in Word 2000 and 2002 that Microsoft acknowledged Feb. 14. The vulnerability, which SANS calls critical and Danish bug tracker Secunia has pegged as extremely critical, its highest ranking, has been exploited by attackers for more than two months.
If Microsoft issues all five updates as expected, users will have faced 22 bulletins in the first four months of the year and at least 42 patches; at least half of those will have been marked critical. During the first four months of 2006, Microsoft issued 17 updates with 31 patches.
Tuesday's updates will be available for manual download from the Microsoft Web site at about 1 p.m. EDT.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
