Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Microsoft Plans Three Patches Next Week

Microsoft on Thursday warned Windows users to expect three security bulletins May 9, the Redmond, Wash. company's regularly-scheduled second-Tuesday patch day. At least two of the three will include fixes for flaws Microsoft dubs "critical."

Two of the trio affect Windows, while the third will resolve one or more issues in the Microsoft Exchange mail server software. At least one of the Windows' bug fixes will be tagged "critical" by Microsoft, as will the Exchange patch.

At the same time, the company will roll out a refreshed edition of its malware cleaning utility, Windows Malicious Software Removal Tool, and two non-security, high-priority updates via Microsoft Update (MU) and Windows Server Update Services (WSUS). By limiting the non-security updates to those mechanisms, it’s likely that they're related to Microsoft Office, or another product which MU supports.

There is a high probability that one of the Windows bulletins will be an update for Internet Explorer (IE), Microsoft's browser. Several as-yet-unpatched vulnerabilities in IE have been disclosed recently that can be exploited by attackers who draw victims to malicious Web sites, including one made public only two week ago.

Included in the Exchange patch will be a change that will reduce e-mail address spoofing, added Microsoft. Companies running RIM's BlackBerry Enterprise Server will be most affected by this change.

  • 1