Microsoft pencils in seven bug fixes for next week
Critical Windows DNS server, Word patches likely to be released
Computerworld - Microsoft Corp. will issue seven security updates next week for Windows, Office, Exchange and BizTalk, the company announced today.
Two of the seven bulletins slated for the May 8 release involve Windows, three affect Microsoft Office, and one each impact Microsoft Exchange and the cryptography API within BizTalk Server. At least five of the seven updates will be pegged critical, Microsoft's highest threat score in its four-level system, according to the advance notification posted today.
Several nonsecurity updates classified as "high priority" will also be unveiled Tuesday via Windows Update, Microsoft Update and Windows Server Update Services (WSUS).
As usual, Microsoft did not disclose details of the updates, but intelligent guesses are not difficult. One of the Windows updates, for example, will likely be a fix for the DNS (Domain Name System) zero-day bug found in all editions of Microsoft's server line, including the current beta of Windows Longhorn Server. While researchers predicted last month that Microsoft would issue an out-of-cycle fix for the DNS server service flaw, the company's security team instead has repeatedly blogged that it would probably wait until the regularly scheduled patch day.
In the meantime, botnet worms have been on the prowl for more than two weeks.
Other good bets include a fix for a Word 2000/2002 flaw that Microsoft acknowledged on Feb. 14. The vulnerability, which the SANS Institute's Internet Storm Center calls critical and Danish bug tracker Secunia pegs as extremely critical, has been exploited by attackers for more than three months. The Word patch didn't make it into last month's updates.
Microsoft also said it would deploy a patch for the cryptography API (dubbed CAPICOM) within BizTalk Server; that process management server has rarely needed to be fixed. Microsoft's security update database only includes two BizTalk references, the most recent of which was issued four years ago.
If Microsoft issues the seven updates, users will have seen 29 bulletins in the first four months of the year, and at least 49 patches; more than half of those will have been marked critical. During the first five months of 2006, Microsoft issued 20 updates with 36 patches.
Tuesday's updates are expected to be available for manual download from the Microsoft Web site at about 1 p.m. PDT.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts