We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,785 News Articles

One 'critical' fix in next Patch Tuesday

Microsoft prepares five updates in total

September's Patch Tuesday will include five Microsoft updates targeting flaws in Windows, SharePoint, Visual Studio and Microsoft's instant messaging clients.

Of the five bulletins expected on September 11, only one will be labelled 'critical', Microsoft's highest rating, although of the remaining four - all ranked 'important' - two could result in remote code execution if successfully exploited. Details were spelled out in the pre-patch notification that Microsoft posted yesterday.

Windows will be pegged by two of the updates, including the single critical patch, which is slated to fix one or more unspecified vulnerabilities in Windows 2000 SP4. The other update will plug one or more flaws in Windows Services for UNIX (SFU), which is present in all versions of Microsoft's operating system, including Vista. The Microsoft-produced SFU is a collection of components that make it possible for Windows and Unix systems to talk to each other. Mixed OS shops, for instance, install SFU so that Windows PCs can map to Unix NFS network shares.

Other updates are set to plug holes in SharePoint Services 3.0 on Windows Server 2003, Visual Studio through version 2005 SP1 and the MSN Messenger/Live Messenger versions 6.2, 7.0, 7.5 and 8.0.

Windows Vista, which has been hammered by updates of late - last month, five of nine security bulletins affected Vista - will be patched by only one of the five September fixes.

As is customary, Microsoft gave only partial details of the upcoming updates, making it difficult to predict the specific vulnerabilities being patched. Danish vulnerability tracker Secunia, for example, shows no unpatched problems for either SFU or SharePoint Services. However, Secunia's database does list outstanding vulnerabilities in Visual Studio, which sports a still-unpatched bug from January 2006; Windows 2000; and the MSN and Live Messenger clients.

The Messenger update will likely patch the webcam vulnerability reported late last month on a Chinese-language security mailing list. According to an advisory issued on August 28 by US-CERT (the US Computer Emergency Response Team), all versions but the newest are susceptible to attack via a heap overflow bug through a purposefully-malformed webcam session. Exploit code was also publicly posted in August.

At the time, US-CERT recommended users upgrade immediately to Windows Live Messenger 8.1, which was not affected by the bug.

Assuming Microsoft releases all five updates - occasionally it drops one at the last minute - users will have faced 55 bulletins through the first nine months of 2007, the same number as during the January-September stretch last year.


IDG UK Sites

3 of the best portable chargers: a solar power charger, a hand-cranked charger, and how to charge...

IDG UK Sites

iOS 8 review: Hands on with the iOS 8 beta

IDG UK Sites

Thinking robots: The philosophy of artificial intelligence and evolving technology

IDG UK Sites

Sharknado 2 VFX: how The Asylum created CG flying man-eating sharks