Microsoft to issue nine patches, no word on XML fix

Share this article:

Microsoft's monthly security update will be comprised of nine fixes to address 16 vulnerabilities, the software company announced Thursday.

The patches, due on Tuesday, will cover weaknesses in Windows, Office, Internet Explorer (IE) and Visual Basic for Applications.

It is not clear if Microsoft will offer a patch for a zero-day vulnerability in XML Core Services, which is being actively exploited in attacks on IE. The company has issued a temporary Fix-It solution for the issue, but many IT administrators eagerly are awaiting a permanent fix, especially with news that the exploit has been added to popular toolkits.

If the patch for the bug is coming, security experts said it will be found in Bulletin 1, one of three that earned Microsoft's highest severity rating of "critical." The jury is still out, though, considering Microsoft's Security Response Center blog that announces the monthly security updates typically indicates if a zero-day hole is being plugged, but this time there was no mention of it.

A Microsoft representative did not immediately respond to an email seeking clarification.

The other patch garnering attention this month is for a vulnerability in Internet Explorer 9. Though the flaw only affects the most recent edition of the web browser, an IE fix will catch some off guard because Microsoft typically updates the software once every two months -- and a cumulative patch last came in June.

UPDATE: Microsoft confirmed to SCMagazine.com that a patch for the XML vulnerability is expected next week.

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.