Microsoft plans three critical security updates

Bill Brenner

IT administrators can expect a lighter but critical Patch Tuesday.

After releasing a whopping 10 security updates last month for critical flaws in Internet Explorer and Windows, plus smaller vulnerabilities in some of its server products, Microsoft announced Thursday that the next patch list will be considerably shorter.

On Tuesday, the software giant plans to release two critical updates for Windows and one critical update for Microsoft Office. Both will be detectable using the Microsoft Baseline Security Analyzer (MBSA) and most will probably require a restart, the company said on its TechNet site.

The company will also release an updated version of its malicious software removal tool on Windows Update, Microsoft Update, Windows Server Update Services (WSUS) and the Download Center. The company has also scheduled one non-security, high-priority update for Microsoft Office on Microsoft Update (MU) and WSUS.

As it does each month, Microsoft warned that while it doesn't expect any changes, "the number of bulletins, products affected, restart information and severities are subject to change until released."

At this point it's unclear if the upcoming patch batch will include fixes for a newly discovered flaw in Internet Explorer.

The problem, reported by Vienna-based SEC Consult, is that Internet Explorer doesn't properly instantiate the javaprxy.dll COM object. Malicious Web sites can exploit this to corrupt memory on vulnerable machines. Attackers could also use the flaw to launch malicious code.

Danish security firm Secunia has rated the vulnerability "extremely critical" because exploit code is publicly available. "The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0, Microsoft VM (virtual machine) build 3802 and Microsoft Windows XP SP2," Secunia said in an advisory. "Internet Explorer 5.01 and 5.5 is reportedly also affected."

Microsoft said it's investigating the flaw and recommends users set their Internet and local intranet security zone settings to "High." Users can also unregister, disable or restrict access to the javaprxy.dll COM object, though this could affect functionality.

This article originally appeared on SearchSecurity.com.

