Microsoft Prepares Six Security Bulletins This monthly Cycle

Microsoft will be releasing its monthly patch on Tuesday, December 12, and it will be less in number than the previous few. The batch will comprise of five security bulletins for 'Microsoft Windows' and one for 'Visual Studio'.

Microsoft posted an advance notification on 8th December 2006 announcing it will issue six updates, five for 'Windows' and one aiming 'Visual Studio', one of its 'development platforms'. Microsoft will issue its highest warning by labeling two of the updates as "critical".

Prior to delivering the updates every month, Microsoft never discusses the exact components, services, or applications to be patched. However, the company offers hints of what it plans to mend. Some clues are possible to pick from third-party security vendors, who hunt 'zero-day', or un-patched vulnerabilities.

In a message posted on its Web site Microsoft said, before every 'monthly security bulletin release cycle', the company provides prior notification to its customers on the number of new security patches being released. It also informs about the products affected, the sum of maximum severity, and the detection tools appropriate to the update. The purpose is to help customers plan effectively the deployment of these security patches.
Microsoft has still not issued a patch for 'Office', though it warned that a security hole in several versions of 'Word' portion of the 'Office suite' was being exploited on cyber space. However, the software developer is working on a security bulletin for the flaw but seemed to take more time.
The six bulletins expected on Tuesday will make a total of 77 this year, surpassing the previous record of 72 attained in 2002. Microsoft rates most serious of its Windows updates as "critical". This means the attacker could, without user action, exploit the related flaw to execute malware on a victim's computer.

Microsoft releases its security patches on the second Tuesday of every month. The company will be publishing a small number of updates in December due to shortage of IT staff during the holiday season.

In addition to the 'security-related 'fixes, Microsoft will also release four 'non-security High-Priority' updates and ten 'non-security' updates.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 12/11/2006