UPDATED: After releasing a rash of more than a half-dozen security
patches, Microsoft has announced just two patches are slated for next week.
Microsoft Office is scheduled to receive a patch on March 14 for what the
software maker terms a “critical” flaw. The highest warning level used
by Microsoft, critical security errors indicate an attacker could use
the flaw to exploit a vulnerability capable of taking control of a system.
The second “important” patch addresses a problem in the Windows operating system. An important patch
usually signals a vulnerability that could permit Denial-of-Service attacks.
Along with a non-security high-priority update, Microsoft said it
will also update its Malicious Software Removal Tool.
The company did not release additional details, as is its custom, but provides advanced word to help users more effectively plan to deploy
the patches, according to the firm.
The upcoming “patch Tuesday” follows a month where Microsoft released seven patches, covering Windows, Internet Explorer, Media
Player and Power Point. Two of the patches addressed Media Player
problems Microsoft believed to be critical.
Chatter over Windows security has been fairly quiet, according to
Steve Manzuik, eEye Digital Security product manager. Eeye brought last
month’s Media Player security flaws to Microsoft’s attention.
“It’s not one of ours,” Manzuik told internetnews.com when
asked to identify the security problems mentioned by Microsoft.
Munzuik
said eEye knows of only one Windows vulnerability needing attention, a
medium-risk
denial of service hole.
Earlier this month, Microsoft tweaked Internet Explorer 6.0’s
handling of ActiveX
controls. The
change was in response to a patent-infringement suit Microsoft lost to Eolas Technology.