Microsoft plans three critical security updates

The software giant said two critical updates will affect Windows and one critical fix will affect Office.

IT administrators can expect a lighter but critical Patch Tuesday.

After releasing a whopping 10 security updates last month for critical flaws in Internet Explorer and Windows, plus smaller vulnerabilities in some of its server products, Microsoft announced Thursday that the next patch list will be considerably shorter.

On Tuesday, the software giant plans to release two critical updates for Windows and one critical update for Microsoft Office. Both will be detectable using the Microsoft Baseline Security Analyzer (MBSA) and most will probably require a restart, the software giant said on its TechNet site.

The company will also release an updated version of its malicious software removal tool on Windows Update, Microsoft Update, Windows Server Update Services (WSUS) and the Download Center. The company has also scheduled one non-security, high-priority update for Microsoft Office on Microsoft Update (MU) and WSUS.

As it does each month, Microsoft warned that while it doesn't expect any changes, "the number of bulletins, products affected, restart information and severities are subject to change until released."

At this point it's unclear if the upcoming patch batch will include fixes for a newly discovered flaw in Internet Explorer.

The problem, reported by Vienna-based SEC Consult, is that Internet Explorer doesn't properly instantiate the javaprxy.dll COM object. Malicious Web sites can exploit this to corrupt memory on vulnerable machines. Attackers could also use the flaw to launch malicious code.

Danish security firm Secunia has rated the vulnerability "extremely critical" because exploit code is publicly available. "The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0, Microsoft VM (virtual machine) build 3802 and Microsoft Windows XP SP2," Secunia said in an advisory. "Internet Explorer 5.01 and 5.5 is reportedly also affected."

Microsoft said it's investigating the flaw and recommends users set their Internet and local intranet security zone settings to "High." Users can also unregister, disable or restrict access to the javaprxy.dll COM object, though this could affect functionality.

This article originally appeared on SearchSecurity.com.
