Microsoft said it will issue four security updates next week, only one of which is pegged as critical, to patch 22 vulnerabilities in Windows and Visio 2003. Next Tuesday's patch lineup is smaller than June's, when Microsoft shipped 16 updates that fixed 34 flaws . The company typically delivers a lighter load in odd-numbered months. In May, for instance, Microsoft shipped just two updates -- the company calls them "bulletins" -- to patch only three vulnerabilities. Of the four updates slated, one will be rated "critical," the highest threat label in Microsoft's four-step scoring system, while the other three will be marked "important," the second-most-dire ranking. Next week's Patch Tuesday vulnerability count will be among the largest for the year, with its 22 bested only by April's 64 and June's 34, and tied with February's collection. But the bugs-per-bulletins ratio is the highest for the year, observed Andrew Storms, director of security operations at nCircle Security, hinting of next week's releases. In April, Microsoft patched 30 vulnerabilities in the Windows kernel device driver with a single bulletin, a record for one update. Microsoft has issued more than a dozen DLL load hijacking updates since last November. In May, the Slovenian firm Acros Security announced that more DLL load hijacking updates were necessary to plug holes in Windows 7 and Internet Explorer 9 (IE9). At the time, Microsoft said only that it was investigating the Acros report. The sole critical update scheduled for next week affects Windows Vista and Windows 7, but does not impact the much older Windows XP or any of Microsoft's server operating systems. Because Windows XP will be immune to the one or more vulnerabilities in that update, Storms said the bug had to be in code first used in Vist [...] Visit us at FastFind FASTFIND http://fastfind.co.tv
No comments:
Post a Comment