Microsoft to patch critical Windows, Office flaws

Serious problem with Windows Shell already targeted by exploit code to be tackled by one of 11 updates.

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

Oct. 6, 2006 6:33 a.m. PT

Microsoft plans to issue nearly a dozen security patches on Tuesday, including critical fixes for Windows and Office.

The company will release six updates for the operating system and four for the office suite, according an advance notice sent out Thursday by the software giant. Some of the patches will be deemed "critical," the company's highest severity rating. The company also plans to send out a security bulletin for Microsoft .Net that will be tagged moderate, it said.

The updates, part of Microsoft's regularly scheduled monthly patch cycle, come after sample attack code has surfaced for vulnerabilities in the Windows Shell component of the operating system. Those flaws could enable attackers to use a Web site to load malicious software onto systems.

The past few weeks have seen the arrival of third-party patches for the Windows Shell problem. The Zeroday Emergency Response Team, or ZERT, delivered its own fix, aiming to help people protect their PCs until Microsoft issued an official update. In addition, security company Determina provided an outside patch for the same issue.

Microsoft has said it will provide a patch for the Windows Shell vulnerability in its October bunch of bulletins. It is expected to announce more details regarding the flaws once the patches are released next week.

In September, the company delivered a critical fix for Office, one of three security bulletins in that monthly patch cycle.