Focus is on Windows bugs in the next round of Microsoft patches
Though Microsoft does not reveal specifics about what is getting patched, one thing is for sure: The Excel zero-day flaw announced late last month will not be plugged. For this update, the fixed flaws solely affect the Windows operating system and are not related to any specific application.
The patch labelled "critical" affects all supported versions of Windows and corrects at least one vulnerability that can result in remote code execution, according to the advance notification advisory released Thursday.
Meanwhile, one of the two other patches -- both rated "important" -- also involves all Windows versions. The remaining one does not involve XP or Vista, the advisory said. The flaws to be corrected by the two "important" patches could be exploited to carry out spoofing.
Experts said patches that affect the underlying Windows platform often take a lot more work to properly deploy.
"The critical patch is going to be a huge undertaking," Paul Henry, security and forensic analyst for vulnerability management firm Lumension Security, said in a prepared comment. "When working on the core infrastructure, it opens up other applications to potential risk, making a simple patch deployment impossible."
On Tuesday, Microsoft also plans to distribute its usual monthly update to the Software Removal Tool, the company said.