Microsoft customers can look forward to seven security bulletins, some of them critical, affecting Windows, Office, and Exchange as well as Capicom and BizTalk as part of next week's Patch Tuesday ritual.
Microsoft said Thursday that next week it will also provide an update to its Windows Malicious Software Removal Tool. In addition, the company plans to release one high-priority non-security update on Windows Update as well as six high-priority non-security updates through Microsoft Update.
Three security bulletins slated for Patch Tuesday affect Office, while two affect Windows. Exchange is affected by one bulletin as is Microsoft BizTalk business-process management server and Capicom, a Microsoft ActiveX control that can be used to enable the digital signing of data with a smart card or software key, the verification of digitally signed data, and the graphical display of certificate information, among other security functions.
The patches related to Microsoft Office should prove the most interesting of an otherwise routine Patch Tuesday experience, said Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center. While BizTalk affects relatively few Microsoft customers, it's an important system and those using it will have a keen interest in that patch.
Microsoft said it hasn't discovered any new information pertaining to mid-April reports of an attack exploiting a vulnerability in the Domain Name System Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.