RealTime IT News

Microsoft Plans Office, Windows Patches

UPDATED: After releasing a rash of more than a half-dozen security patches, Microsoft has announced just two patches are slated for next week.

Microsoft Office is scheduled to receive a patch on March 14 for what the software maker terms a "critical" flaw. The highest warning level used by Microsoft, critical security errors indicate an attacker could use the flaw to exploit a vulnerability capable of taking control of a system.

The second "important" patch addresses a problem in the Windows operating system. An important patch usually signals a vulnerability that could permit Denial-of-Service attacks.

Along with a non-security high-priority update, Microsoft said it will also update its Malicious Software Removal Tool.

The company did not release additional details, as is its custom, but provides advanced word to help users more effectively plan to deploy the patches, according to the firm.

The upcoming "patch Tuesday" follows a month where Microsoft released seven patches, covering Windows, Internet Explorer, Media Player and Power Point. Two of the patches addressed Media Player problems Microsoft believed to be critical.

Chatter over Windows security has been fairly quiet, according to Steve Manzuik, eEye Digital Security product manager. Eeye brought last month's Media Player security flaws to Microsoft's attention.

"It's not one of ours," Manzuik told internetnews.com when asked to identify the security problems mentioned by Microsoft.

Munzuik said eEye knows of only one Windows vulnerability needing attention, a medium-risk denial of service hole.

Earlier this month, Microsoft tweaked Internet Explorer 6.0's handling of ActiveX controls. The change was in response to a patent-infringement suit Microsoft lost to Eolas Technology.