Microsoft readies four patches in end-of-summer update

Share this article:
Updated on Thursday, Sept. 4 at 2:44 p.m. EST

Microsoft on Thursday said it plans to deliver four patches in next week's monthly security update to correct a number of vulnerabilities labeled "critical."

The fixes address bugs in Windows, Media Player, Media Encoder and Office, according to an advance notification advisory.

The patches earn the "critical" rating because they fix flaws that could be exploited to execute remote code.

For IT administrators, the Windows OS patch appears the most problematic because it affects a wide range of Microsoft applications and operating systems, including Server 2003, SQL Server 2005, Vista and Visual Studio 2008, said Andrew Storms, director of security operations at network security firm nCircle.

"This means that even though you thought your enterprise was in a good base configuration, what's going to happen next week is you're pretty much going to have to hit every enterprise client or server installation [with a patch]," Storms told SCMagazineUS.com on Thursday.

Microsoft does not plan to release any "important" patches but does expect to issue an updated version of its Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

September's security update is a far cry from last month's, when the software giant pushed out 11 fixes for 26 vulnerabilities.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for ...

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger ...

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.