Microsoft to issue nine patches, no word on XML fix

Share this article:

Microsoft's monthly security update will be comprised of nine fixes to address 16 vulnerabilities, the software company announced Thursday.

The patches, due on Tuesday, will cover weaknesses in Windows, Office, Internet Explorer (IE) and Visual Basic for Applications.

It is not clear if Microsoft will offer a patch for a zero-day vulnerability in XML Core Services, which is being actively exploited in attacks on IE. The company has issued a temporary Fix-It solution for the issue, but many IT administrators eagerly are awaiting a permanent fix, especially with news that the exploit has been added to popular toolkits.

If the patch for the bug is coming, security experts said it will be found in Bulletin 1, one of three that earned Microsoft's highest severity rating of "critical." The jury is still out, though, considering Microsoft's Security Response Center blog that announces the monthly security updates typically indicates if a zero-day hole is being plugged, but this time there was no mention of it.

A Microsoft representative did not immediately respond to an email seeking clarification.

The other patch garnering attention this month is for a vulnerability in Internet Explorer 9. Though the flaw only affects the most recent edition of the web browser, an IE fix will catch some off guard because Microsoft typically updates the software once every two months -- and a cumulative patch last came in June.

UPDATE: Microsoft confirmed to SCMagazine.com that a patch for the XML vulnerability is expected next week.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.