X

Slew of Windows patches coming

Microsoft plans to release eight security alerts with fixes for Windows flaws--and at least one hole could be used for a worm attack.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
See full bio
Joris Evers
2 min read
As part of its monthly patching cycle, Microsoft on Tuesday plans to release eight security alerts for flaws in the Windows operating system.

At least one of the alerts is deemed "critical," Microsoft's highest risk rating, the company said in a notice posted on its Web site on Thursday. Last month, Microsoft planned one critical alert for Windows, but pulled it at the 11th hour because of quality issues.

Microsoft rates as critical any security threat that could allow a malicious Internet worm to spread without any action required on the part of the user.

Additionally, Microsoft on Tuesday plans to release a security bulletin covering a problem related to Windows and its Exchange e-mail server, the company said. This issue is rated "important," one notch below "critical" on Microsoft's rating scale.

Microsoft's notice Thursday did not specify whether any of the patches will be for Internet Explorer, the Web browser component of Windows. Several security researchers have come forward with flaws in IE over the past weeks. Some of these vulnerabilities could let an attacker commandeer a user's PC.

There are several vulnerabilities in IE 6 waiting to be fixed, according to Secunia. The security monitoring company has issued 86 alerts on the Web browser since 2003; 20 of those security bugs remain unpatched.

As part of its monthly patch day, Microsoft also plans to release an updated version of the Windows Malicious Software Removal Tool. The software detects and removes common malicious code placed on computers.

Microsoft gave no further information on Thursday's bulletins, other than stating that some of the Windows fixes may require restarting the computer. The Exchange-related patch will require a restart, Microsoft said.

The Redmond, Wash., software maker offers advance notification about patches so people can get ready to install the updates. Microsoft did not release any fixes in September, but in August the company released six security bulletins, including three deemed critical for Windows. One of the flaws was exploited days later by the Zotob worm, which wreaked havoc on Windows 2000 systems worldwide.

Microsoft said it will host a Webcast about the new fixes on Wednesday at 11 a.m. PDT.