Microsoft Readies 12 Security Patches
Microsoft plans to release twelve updates as part of its monthly Patch Tuesday program, its largest since February of last year and second largest overall. Of the dozen patches, nine are intended for Windows issues, two for Office, and one for Exchange.
At least one of the Windows updates has a severity rating of "critical," as does one of the updates for Microsoft Office. The Exchange flaw has a rating of "important."
The Redmond company warned that one of the Windows bulletins would change the way Internet Explorer handles ActiveX controls, regardless of whether or not the user had applied a patch designed to give developers more time to adjust the new method.
The change was initially made back in March in response to a patent infringement case that Microsoft involved in with Eolas. However, Microsoft offered a reprieve to developers by delaying the update for two months in order to allow them to modify their applications.
As is normal with the advance notifications, Microsoft does not provide details of what vulnerabilities would be patch. However, the company is expected to offer a patch for a vulnerability within Word that has already been exploited in attacks.
While eEye Digital Security lists no flaws within Microsoft products that it considers "overdue," security firm Secunia lists several minor unpatched flaws, plus a two year old moderately critical vulnerability in Windows XP caused by malicious folder creation.
Per usual, Microsoft plans to issue an update to the Microsoft Windows Malicious Software Removal Tool. Additionally, one high-prority non-security update would be released through Windows Update, and two others through Microsoft Update, the company said.