Microsoft to release seven patches — including DNS fix — on Patch Tuesday

Share this article:

Microsoft today announced it will release seven Patch Tuesday fixes next week, including one for a flaw in Windows Server 2000 and 2003 DNS Service.

Christopher Budd, security program manager, said on the Microsoft Security Response Center Blog that the software Goliath has seen no new attacks on the DNS flaw, but it is scheduled to be fixed.

"The listing of updates slated for Tuesday does include the update we’ve been working on for this issue," he said, referring to the DNS flaw.

Microsoft announced today that each of the seven flaws has a maximum severity rating of critical.

The release will contain two patches for Windows, three for Office, one for Exchange and one for CAPICOM and BizTalk, according to the advance notification released by Microsoft today.

As part of the release, Microsoft will also release an updated version of the Malicious Software Removal Tool, and seven high-priority non-security updates.

Budd recently said that he was increasingly confident the patch would be released on schedule.

Public exploits, including a Metasploit module, were released last month for the flaw, but researchers said attacks were rare because the DNS server is generally not public facing. Intranets are the greatest risk of exploitation.

Researchers also credited Microsoft for providing easy-to-use workarounds for administrators to protect their networks.

Microsoft is also keeping an eye on a hacker known as shinnai, who kicked off the Month of ActiveX Bugs project this week, disclosing exploitable flaws affecting OCX controls in Microsoft Office.

Meanwhile, Apple on Monday patched a flaw in its QuickTime media player that could be exploited on Safari, Firefox or Internet Explorer web browsers, on Windows XP, Vista or Mac OS X operating systems.

Click here to email Online Editor Frank Washkuch Jr.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.