Microsoft To Release More Patches On Tuesday

Microsoft Corp. on Thursday announced its plans for releasing three security patches as a part of its convention Patch Tuesday cycle, with one of the vulnerabilities has been rated “critical” that allows hackers to carry out remote code execution on a victim’s computer.

The critical vulnerability, which affects Windows 2000, XP, Vista along with Windows Server 2003 and 2008, enables attackers to seize control over the user’s PC by launching remote code execution, and is scheduled to be patched in the security bulletin to be released on upcoming Tuesday, the software maker said in an advisory.

Besides, the other two updates are rated as “important”, and could be used for launching ‘spoofing’ attacks only, and while one of these “important” updates affects all the operating systems as the “critical” patch, the other has a limited scope, and covers only Windows 2000, Windows Server 2003 and 2008.

Surprisingly, the company hasn’t announced any patch for the much touted zero-day flaw affecting Microsoft Office Excel application that attackers have been targeting in past few weeks.

However, in an advisory issued on 24 February, the software company notified that the bug could enable a hacker to carry out arbitrary code if a specially designed Excel file tries to access an invalid object.

Go To Page 2 for our comments and more related links

Our Comments

Amongst one of the important things that a company system administrator needs to have in its to do list is a proper patch roll out scheme. Just check that yours is in place. As Windows Vista becomes more mature, there's less of a chance of attacks. Actually most of the threats in the past few months are browser-based.

Related Links

Microsoft Plans Three Security Bulletins for Patch Tuesday

(eWeek)

Coming on Patch Tuesday: 3 Windows bulletins, 1 critical

(ZDNet)

Three Security Fixes Expected on Patch Tuesday

(Redmond Channel Partner)

Microsoft to release three security updates Tuesday

(CNet)

Windows Security Patches Coming Next Week

(PC World)

Microsoft Patch Day Won't Fix Excel Vulnerability

(Information Week)