Microsoft to patch Windows, Office flaws
The software maker says that it will patch several critical vulnerabilities, including a Windows Help Center flaw that had been publicly disclosed by a researcher at Google.
Microsoft said on Thursday that it expects to issue four security bulletins as part of next week's Patch Tuesday, closing critical holes in both Windows and Office.
The four bulletins cover a total of five vulnerabilities, including a Windows Help Center flaw that had been disclosed publicly by a Google researcher.
Of the two Windows-related bulletins, one is rated critical for Windows XP and low for Windows Server 2003, while the other affects only the 64-bit version of Windows 7.
On the Office front, one bulletin is related to the Access database and is rated critical for the 2003 and 2007 versions of the product. The other is related to Outlook and is rated as important for Outlook 2002, 2003, and 2007.
Microsoft will release more details when it issues the patches on Tuesday. Earlier this week the company said it is investigating a vulnerability in Windows XP and Windows 2000.
Update, 4:40 p.m.: Microsoft confirmed that the patches include a fix for the Windows Help Center zero-day flaw identified by a Google engineer last month.
"The Windows Help and Support zero-day vulnerability will be included in the July bulletin release," Microsoft group manager Jerry Bryant said in a statement. "We were in the early phases of investigation when details on this issue were publicly released on June 9th. We were originally targeting an August release, but we had to accelerate our efforts, based on attacks impacting Windows XP customers."
Attacks based on that flaw cropped up within days of its public disclosure. Because the vulnerability affected only two versions of Windows, Bryant said Microsoft was able to speed up the patch's release.