Microsoft warns of monster patch day next week

Biggest set of updates in six months will fix Windows, IE, Excel and Word

1 2 Page 2
Page 2 of 2

"Nothing else here maps to any known vulnerabilities," said Storms.

The IE update will patch IE 5.01, IE6 and IE7, but not the recently-released IE8, and was marked critical on the Windows client, important on the server side.

One of the five Windows updates is similar, in that it has been labeled critical for all versions, including Windows 2000, XP, Vista, Server 2003 and Server 2008. "It's a big call-out whenever something's critical for Vista and Server 2008," said Storms, because that means the bug is in the software that Microsoft considers its most secure.

Storms also dubbed some of the updates "oddballs" based on the scanty information that Microsoft makes available prior to releasing updates. "The one they call 'Windows 1' affects both the operating system and Office," he said. "That's an oddball case, and I've been trying to think of what it could be. Maybe it's something like XML or OLE, something that's not only embedded in the OS but also used in the application."

Microsoft said the Windows 1 update will affect older versions of Microsoft Word from Office 2000 and Office XP, but not from Office 2003 or Office 2007.

It's likely that Microsoft will patch more than just eight vulnerabilities in the eight updates, said Storms. Microsoft often packs updates, those for IE and Office in particular, with several separate patches. "I think we'll certainly see a lot of CVEs," he said, referring to the Common Vulnerabilities and Exposures bug-naming system.

Storms expects that next Tuesday will be a rough day for IT and security administrators as they wrestle with the biggest Microsoft patch day in months. And there's even more work for some.

"Just hope you don't have Oracle [software] running, too, because they're updating on Tuesday," he said. Oracle is also slated to issue its quarterly security update on April 14.

Microsoft will issue April's eight updates at approximately 1 p.m. Eastern time on Tuesday.

Copyright © 2009 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon