Very mild Patch Tuesday ahead from Microsoft
After a series of critical out-of-band security patches were issued by Microsoft two weeks ago, most of the thunder has been squelched for next Tuesday's regular set: down to one critical and one important patch.
In keeping with Microsoft's current policy, the company no longer releases too detailed information in advance of patches' distribution. For example, if the company were to say too much about interim workarounds, it might give away clues that could make many more machines vulnerable prior to Tuesday.
But this much we do know: The critical patch affects XML Core Services, which is Windows' key library for enabling the interpretation of XML-based files and incorporating XML into applications. Essentially all versions of Windows that use these services, dating back to Windows 2000 SP4, are affected.
The out-of-band patch issued two weeks ago, by comparison, appears to address a far more potentially widespread fault, affecting all modern versions of Windows -- specifically, their applications' ability to place remote procedure calls. BetaNews found evidence of researchers with somewhat less-than-white hats who were openly working on a new set of exploits that fooled what is called the Server service in Windows, though we did not find any "eureka" evidence that anyone's efforts had suddenly succeeded.