http://www.informationweek.com/news/showArticle.jhtml?articleID=181502557
By Gregg Keizer Mar 9, 2006 Microsoft on Thursday said it would release just two security patches next week, five fewer than last month. A fix for Microsoft Office, the Redmond, Wash.-based company's business productivity suite, is on the calendar, as is a separate patch for Windows. The former will be labeled "critical," Microsoft's most serious warning, while the latter will be tagged as "important." Microsoft assigns "critical" to security bulletins when it believes an exploit of the vulnerability could be used to create a worm able to spread without any user interaction [1]. As is its practice, Microsoft gave no additional details. Its advance notifications [2] are meant only to "help customers plan for the deployment of these security updates more effectively," the company said in the alert. Although the warning didn't offer clues on the problems to be patched, eEye Digital Security [3] knows about one unfixed critical vulnerability in Windows, while Danish vulnerability tracker Secunia lists several unpatched Office problems. Because the latter, however, hark back to 2003 and 2004, it's likely the Office issue has either not yet been disclosed or has been kept quiet by its discoverer(s). A single non-security, high-priority update will also be released via Microsoft Update, said the alert, and the Windows Malicious Software Removal Tool will, as usual, be refreshed. Last month, Microsoft unveiled seven bulletins [4] for Windows, Internet Explorer, Media Player, and PowerPoint. Two of the seven were deemed critical. March's security bulletins, patches, and updates will be issued Tuesday, March 14. [1] http://www.microsoft.com/technet/security/bulletin/rating.mspx [2] http://www.microsoft.com/technet/security/bulletin/advance.mspx [3] http://www.eeye.com/html/research/upcoming/20051011.html [4] http://www.techweb.com/wire/security/180201607 _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org