Microsoft to patch Windows Vista, IE 7, Office


Microsoft to patch Windows Vista, IE 7, Office

Bill Brenner, Senior News Writer

Microsoft Thursday released a revamped, more in-depth advance notice on what IT administrators can expect for security patches next week. If nothing changes between now and Tuesday, six security bulletins will be released to address flaws in Windows 2000, XP and Vista; Internet Explorer (IE) 6 and 7; Microsoft Office; Outlook Express and Windows Mail.

In the

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

advance notice on Microsoft's TechNet site, the software giant said it intends to release four critical updates for Windows, IE, Outlook Express and Windows Mail, which comes with Vista. Microsoft said attackers could exploit all the critical flaws to launch malicious code remotely, and several of them affect IE 7 on both Windows XP and Vista.

One "important" update will address flaws in Microsoft Office and Visio communication suite. Though it's not rated critical, Microsoft said this issue could also be used by an attacker to launch malicious code remotely.

One "moderate" update will address an information disclosure flaw in Vista, Microsoft said.

As it does every month, Microsoft will also update its Malicious Software removal tool and hold a Webcast on the June patches on Wednesday. Meanwhile, Microsoft plans to release seven non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

It remains to be seen if Tuesday's patches will address some zero-day flaws that have surfaced since the May updates.

Earlier this week, vulnerability researcher Michael Zalewski published details of four new zero-day flaws in both Firefox and Internet Explorer (IE) attackers could exploit to log keystrokes, download malware and steal cookies.

And last month, Microsoft confirmed it was looking into reports of a new Office zero-day flaw attackers could exploit to cause a denial of service or run malicious code on targeted Windows machines.

Microsoft recently announced changes to its update process, adding new details about upcoming security updates in its Advance Notification Service, which is issued every Thursday before Patch Tuesday.