
Focus is on Windows bugs in the next round of Microsoft patches

Microsoft next week is scheduled to release three patches -- one termed "critical" -- as part of the software giant's monthly security update.

Though Microsoft does not reveal specifics about what is getting patched, one thing is for sure: The Excel zero-day flaw announced late last month will not be plugged. For this update, the fixed flaws solely affect the Windows operating system and are not related to any specific application.

The patch labelled "critical" affects all supported versions of Windows and corrects at least one vulnerability that can result in remote code execution, according to the advance notification advisory released Thursday.

Meanwhile, one of the two other patches -- both rated "important" -- also involves all Windows versions. The remaining one does not involve XP or Vista, the advisory said. Exploiting the flaws to be corrected by the two "important" patches could result in spoofing.

Experts said patches that affect the underlying Windows platform often take a lot more work to properly deploy.

"The critical patch is going to be a huge undertaking," Paul Henry, security and forensic analyst for vulnerability management firm Lumension Security, said in a prepared comment. "When working on the core infrastructure, it opens up other applications to potential risk, making a simple patch deployment impossible."

On Tuesday, Microsoft also plans to distribute its usual monthly update to the Software Removal Tool, the company said.
