Click here for case studies, whitepapers and other useful vendor content Newsletter Subscription
Microsoft will issue seven security updates next week for Windows, Office, Exchange and BizTalk, the company announced Thursday.
Two of the seven bulletins slated for the May 8 release involve Windows, three affect Microsoft Office, and one each impact Microsoft Exchange and the cryptography API within BizTalk Server. At least five of the seven updates will be pegged critical, Microsoft's highest threat score in its four-level system, according to the advance notification posted Thursday.
Several nonsecurity updates classified as "high priority" will also be unveiled Tuesday via Windows Update, Microsoft Update and Windows Server Update Services (WSUS).
As usual, Microsoft did not disclose details of the updates, but intelligent guesses are not difficult. One of the Windows updates, for example, will likely be a fix for the DNS (Domain Name System) zero-day bug found in all editions of Microsoft's server line, including the current beta of Windows Longhorn Server. While researchers predicted last month that Microsoft would issue an out-of-cycle fix for the DNS server service flaw, the company's security team instead has repeatedly blogged that it would probably wait until the regularly scheduled patch day.
In the meantime, botnet worms have been on the prowl for more than two weeks.
Other good bets include a fix for a Word 2000/2002 flaw that Microsoft acknowledged on Feb. 14. The vulnerability, which the SANS Institute's Internet Storm Center calls critical and Danish bug tracker Secunia pegs as extremely critical, has been exploited by attackers for more than three months. The Word patch didn't make it into last month's updates.
Microsoft also said it would deploy a patch for the cryptography API (dubbed CAPICOM) within BizTalk Server; that process management server has rarely needed to be fixed. Microsoft's security update database only includes two BizTalk references, the most recent of which was issued four years ago.
If Microsoft issues the seven updates, users will have seen 29 bulletins in the first four months of the year, and at least 49 patches; more than half of those will have been marked critical. During the first five months of 2006, Microsoft issued 20 updates with 36 patches.
Tuesday's updates are expected to be available for manual download from the Microsoft Web site at about 1 p.m. PDT.
ARN Member Login
ARN Panel Sessions: Day 3The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?
Sony launches a new version of its Reader electronic book deviceSony launches a new version of its Reader electronic book device. The PRS-700 adds a touchscreen and reading light to the previous model and will go on sale in the U.S. in November.
Brian's bloopersIt takes a long time to produce an episode of Channel Watch. Maybe you'll understand why after watching this...
When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
F-Secure achieves excellent results in Internet security suite comparison 10 October, 2008 14:37:00
Lock It Up With Maxtor BlackArmour, Hardware Encrypted Storage Provides Government Grade Security For Consumers 10 October, 2008 09:04:00
M2M Connectivity announces the new Sierra Wireless MC8792V embedded module for 900 MHz 3G/HSPA networks 10 October, 2008 08:51:00
IOGEAR Gears Up in Australia 09 October, 2008 20:18:00
Symantec to Extend Online Services with Acquisition of MessageLabs 09 October, 2008 11:48:00
V/Line and Oakton use Microsoft SQL Server 2008 to develop an Executive HR Dashboard
With the help of Oakton, V/Line - Victoria's regional public transport provider - utilised Microsoft SQL Server 2008 to develop an Executive HR Dashboard report.
Subscribe to ARN
