News Stay informed about the latest enterprise technology news and product updates.

One 'important' Windows security patch coming

Microsoft's plans to release one "important" security update for Windows Tuesday leaves a number of other flaws unpatched for at least another month.

One "important" security update for Windows will be released next week, Microsoft said Thursday. That means it'll be at least another month before the software giant patches several much-publicized flaws in its popular browser, e-mail and database programs.

IT administrators will find out Tuesday how many security holes are addressed in the update and where they are. For now, all Microsoft says on its TechNet site is that it plans one security bulletin for Windows.

"The greatest aggregate, maximum severity rating for these security updates is Important," the company said. "This update will not require a restart. This update will be detectable using the Microsoft Baseline Security Analyzer (MBSA)."

Last month, Microsoft issued patches to close 18 security holes in Internet Explorer, Windows, MSN Messenger, Exchange and Office. But those updates didn't address vulnerabilities that came to light in the days and weeks before.

One of those vulnerabilities, discovered by the security research organization HexView, is in Microsoft's Jet Database Engine. Attackers could use a memory handling error in the program to launch malicious code. Danish security firm Secunia said the flaw is "highly critical" because exploit code has been posted to a public mailing list. Secunia confirmed the vulnerability on a fully patched system with Microsoft Access 2003 and Windows XP SP1/SP2.

Also unaddressed are two vulnerabilities in Internet Explorer and Outlook brought to light by Aliso Viejo, Calif.-based eEye Digital Security in early April. The first "allows malicious code to be executed, contingent upon minimal user interaction," eEye said, adding that the problem affects Internet Explorer, Outlook and "additional miscellaneous titles." The second vulnerability has the same damage potential and also affects IE and Outlook.

Since these flaws are considered high-risk, it would seem unlikely that any will be addressed in a security update labeled "important." But as the software giant says each month in its advance notification message, "The number of bulletins, products affected, restart information and severities are subject to change until released."

Microsoft also announced Thursday that it will release an updated version of its Malicious Software Removal Tool on Windows Update and the Download Center. The tool will not be distributed using Software Update Services (SUS), the company said.

The TechNet site also noted that Microsoft won't be releasing any non-security high-priority updates for Windows on the Windows Update site.

This article originally appeared on

Dig Deeper on Network intrusion detection and prevention and malware removal

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.