Topic: Critical Windows patches announced

[Clive]

Joris Evers
CNET News.com
September 09, 2005, 08:55 BST
 
As part of its monthly patching cycle, Microsoft on Tuesday plans to release one security alert for flaws in the Windows operating system.

The security bulletin is deemed "critical", Microsoft's highest risk rating, the company said in a notice posted on the advance notification section of its Web site on Thursday. Last month's "Patch Tuesday" also included a critical alert for Windows flaws. One of the flaws was exploited days later by the Zotob worm that wreaked havoc on Windows 2000 systems worldwide.

Microsoft's Thursday notice did not specify whether one of the patches will be for Internet Explorer. Over the last few weeks, several security researchers have come forward with flaws in the Web browser. Some of these vulnerabilities could let an attacker gain control of a user's PC.

There are several unpatched vulnerabilities in IE 6, according to Secunia. The security monitoring company has issued 85 alerts on the Web browser since 2003; 19 of those security bugs remain unpatched, according to Secunia's Web site.

In addition to the Windows security fixes, Microsoft on Tuesday plans to release an update for Windows that it deems high priority, but is not security related, the company said. Furthermore, an updated version of the Windows Malicious Software Removal Tool will be released. The tool detects and removes malicious code placed on computers.

Microsoft gave no further information on Thursday's bulletins, other than stating that some of the Windows fixes may require restarting the computer.

The software giant provides information in advance of its monthly patch release day, which is every second Tuesday of the month, so people can prepare to install the patches. In August, Microsoft released six security bulletins, including three deemed "critical" for Windows.

Microsoft rates as critical any security threat that could allow a malicious Internet worm to spread without any action required on the part of the user.

Microsoft said it will host a Webcast about the new fixes on Wednesday at 1100 PDT

[Clive]

Microsoft Cancels Patch Tuesday
By Nate Mook, BetaNews
September 9, 2005, 5:10 PM

UPDATED Barely 24 hours after giving advanced notice of its monthly "Patch Tuesday" fixes, Microsoft late Friday said that it was scrapping the updates over a "quality issue." Microsoft had planned to release a single bulletin for a critical vulnerability affecting Windows.

"Late in the testing process, Microsoft encountered a quality issue that necessitated the update to go through additional testing and development before it is released," a Microsoft spokesperson told BetaNews. "Microsoft is committed to only releasing high quality updates that fix the issues in question, and therefore we feel it is in the best interest of our customers to not release this update until it undergoes further testing."