Microsoft is out with its monthly Patch Tuesday release, this time providing fixes for at least 26 vulnerabilities. The vulnerabilities are grouped into five critical and four important bulletins, addressing flaws spread across the Microsoft software portfolio.
At the top of the Patch Tuesday release list is a re-release of MS12-043 which affects Microsoft XML Core Services. The patch was originally part of the July Patch Tuesday update, but it did not include a fix for XML Core Services version 5.0.
As to why Microsoft did not include the XML 5 patch in the July update alongside the updates to XML versions 3.0, 4.0, and 6.0, it all has to do with timing and quality.
“Delivering comprehensive, high-quality security protections is an extensive process where we always strive to help protect customers as soon as possible by providing the necessary information for our customers to prepare for an upcoming release,” said Microsoft Trustworthy Computing Director Yunsun Wee in response to a question from eSecurity Planet about the XML 5 patch delay.