Microsoft to issue nine patches, no word on XML fix

Share this article:

Microsoft's monthly security update will be comprised of nine fixes to address 16 vulnerabilities, the software company announced Thursday.

The patches, due on Tuesday, will cover weaknesses in Windows, Office, Internet Explorer (IE) and Visual Basic for Applications.

It is not clear if Microsoft will offer a patch for a zero-day vulnerability in XML Core Services, which is being actively exploited in attacks on IE. The company has issued a temporary Fix-It solution for the issue, but many IT administrators eagerly are awaiting a permanent fix, especially with news that the exploit has been added to popular toolkits.

If the patch for the bug is coming, security experts said it will be found in Bulletin 1, one of three that earned Microsoft's highest severity rating of "critical." The jury is still out, though, considering Microsoft's Security Response Center blog that announces the monthly security updates typically indicates if a zero-day hole is being plugged, but this time there was no mention of it.

A Microsoft representative did not immediately respond to an email seeking clarification.

The other patch garnering attention this month is for a vulnerability in Internet Explorer 9. Though the flaw only affects the most recent edition of the web browser, an IE fix will catch some off guard because Microsoft typically updates the software once every two months -- and a cumulative patch last came in June.

UPDATE: Microsoft confirmed to SCMagazine.com that a patch for the XML vulnerability is expected next week.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Tinba variant aimed at U.S., international banks

Tinba variant aimed at U.S., international banks

Researchers at AVAST have unlocked a Tinba variant and discovered it has been customized to target U.S. financial institutions.

Adobe makes delayed updates for Reader, Acrobat available

The Reader and Acrobat fixes were delayed a week due to issues found during testing.

Nigerian police search for ringleader in major bank heist

The suspect, Godswill Oyegwa Uyoyou, conspired with others to hack bank systems and divert 6.28 billion Naira to mule accounts.