IT administrators making the switch from Software Update Services (SUS) to the newly released Windows Server Update...
Services (WSUS) could be in for quite a test run this week.
Days after Microsoft released WSUS and announced other changes to its software update process, the company told users to expect a full plate of patches Tuesday, some for critical security holes. On its TechNet Web site, Microsoft said it plans to release:
- Seven bulletins affecting Windows. Some updates will be critical and will require a restart. Five will be detectable using the Microsoft Baseline Security Analyzer (MBSA) and two can be detected with the Enterprise Scanning Tool (EST).
- One "moderate" bulletin affecting Windows and Microsoft Services for Unix. These updates may require a restart and can be detected using MBSA and EST.
- One "important" bulletin affecting Microsoft Exchange. This update will not require a restart and will be detectable using MBSA and EST.
- One "moderate" bulletin affecting the Internet Security and Acceleration (ISA) Server and Small Business Server. These may require a restart and can be detected with EST.
Microsoft will also release an updated version of its Malicious Software Removal Tool on Windows Update, Microsoft Update, WSUS and the Download Center. The company doesn't plan to release non-security advisories, though it said that "the number of bulletins, products affected, restart information and severities are subject to change until released."
It's unclear if Tuesday's patch releases will address several unresolved security holes that have come to light since the beginning of April. They include:
- One in the Jet Database Engine brought to light by security research organization HexView. Attackers could use a memory handling error in the program to launch malicious code. Danish security firm Secunia said the flaw is "highly critical" because exploit code has been posted to a public mailing list. Secunia confirmed the vulnerability on a fully patched system with Microsoft Access 2003 and Windows XP SP1/SP2.
- Two vulnerabilities in Internet Explorer and Outlook reported by Aliso Viejo, Calif.-based eEye Digital Security. The first "allows malicious code to be executed, contingent upon minimal user interaction," eEye said, adding that the problem affects Internet Explorer, Outlook and "additional miscellaneous titles." The second vulnerability has the same damage potential and also affects IE and Outlook.
This article originally appeared on SearchSecurity.com.