RealTime IT News

Microsoft to Patch 9 on Tuesday

Last month, Microsoft issued no new security bulletins as part of its monthly update. Not one. Nada. Zip. Zilch.

This month, though, the tune has changed, as nine patches are on tap, some of them rated as "critical." According to reports, Windows XP itself may also be getting a Service Pack 3 release in 2006.

True to form, Microsoft is vague in its advance bulletins about patches and has not disclosed the specific issues that will be addressed. Eight of the issues set to be patched will involve Windows, and there's one that specifically affects Microsoft Exchange.

Internet Explorer is among the Windows applications that are likely to be patched. Security firm Secunia reports that there are numerous unpatched vulnerabilities in IE. Among them is the "XMLHTTP" HTTP Request Injection vulnerability which "can be exploited by malicious people to manipulate certain data and conduct HTTP request smuggling attacks."

A significantly more invasive update than the simple patches offered on Microsoft's monthly patch Tuesday may also be in the works. A website called The Hotfix is claiming it has a preview "unofficial" version of Windows XP Service Pack 3. A Microsoft spokesperson was not immediately available for comment.