Microsoft issued its monthly batch of fixes for its software line, which included two more fixes than expected to address recently discovered security vulnerabilities.
The company planned to release six security bulletins covering nine vulnerabilities, but a seventh bulletin covering two flaws in the Windows Media Format were added at the last minute.
“We note in the advanced notification that the information is subject to change; that is the case this month. We have been working on an update for the Windows Media Format and were able to meet the quality bar necessary for release. Because of this, we were able to add it to the December release,” said Microsoft in a statement announcing the fixes.
Missing from today’s patches are any fixes for a pair of known flaws in Microsoft Word. These flaws first emerged last week. Microsoft said it was still investigating the Word vulnerabilities.
The Windows Media fix is one of three “Critical” updates, considered the most severe vulnerabilities. The other two are in Internet Explorer and Visual Studio 2005. One vulnerability, labeled “Important,” relates to Outlook Express, the basic e-mail client in Windows XP and Windows 2000. The remaining fixes are in Windows.
Microsoft has also updated its Malicious Software Removal tool, adding the ability to remove the Beenut family of trojans.
All of the fixes are available via Windows Update and Microsoft Update. Microsoft Update is a service that provides customers all of the Windows Update fixes, plus high priority updates for Office and other Microsoft applications.
Microsoft will host a webcast on Wednesday at 11 am PST to discuss the fixes.
Security vendor PatchLink encouraged systems managers not to wait for the Word fixes to issue this month’s patches. “With two Word zero day vulnerabilities still on the loose, PatchLink recommends deploying the patches as quickly as possible in order to leave enough space for any out-of-cycle patches later this month,” said Don Leatham, director of solutions and strategy.
