Microsoft to issue nine patches, no word on XML fix

Share this article:

Microsoft's monthly security update will be comprised of nine fixes to address 16 vulnerabilities, the software company announced Thursday.

The patches, due on Tuesday, will cover weaknesses in Windows, Office, Internet Explorer (IE) and Visual Basic for Applications.

It is not clear if Microsoft will offer a patch for a zero-day vulnerability in XML Core Services, which is being actively exploited in attacks on IE. The company has issued a temporary Fix-It solution for the issue, but many IT administrators eagerly are awaiting a permanent fix, especially with news that the exploit has been added to popular toolkits.

If the patch for the bug is coming, security experts said it will be found in Bulletin 1, one of three that earned Microsoft's highest severity rating of "critical." The jury is still out, though, considering Microsoft's Security Response Center blog that announces the monthly security updates typically indicates if a zero-day hole is being plugged, but this time there was no mention of it.

A Microsoft representative did not immediately respond to an email seeking clarification.

The other patch garnering attention this month is for a vulnerability in Internet Explorer 9. Though the flaw only affects the most recent edition of the web browser, an IE fix will catch some off guard because Microsoft typically updates the software once every two months -- and a cumulative patch last came in June.

UPDATE: Microsoft confirmed to SCMagazine.com that a patch for the XML vulnerability is expected next week.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.