Three Critical Patches on Tap for Tuesday

The Microsoft Security Response Center (MSRC) plans to publish six security bulletins next Tuesday, according to Thursday's advance notification.

The Microsoft Security Response Center (MSRC) plans to publish six security bulletins next Tuesday, according to Thursday's advance notification.

Three of the six updates will address "Critical" issues. The remaining three are expected to be of "Important" and "Moderate" severity, Microsoft said.

Redmond's advance notification lumped the bulletins into several groups. At this point, the three Critical bulletins will affect one or more versions of Office and Excel, one or more versions of Windows, and one or more iterations of the .NET Framework. All three critical bulletins are linked with potential remote code execution (RCE) exploits.

The Important vulnerabilities will affect Office and Excel versions 2003 and 2007 (as well as Microsoft Publisher 2007) along with Windows XP Professional. Both Important vulnerabilities are also linked to potential RCE exploits. The sole Moderate vulnerability involves a potential information disclosure exploit in Windows Vista. As of press time, Microsoft had not provided any additional information about this flaw.

At least four of next week’s updates will require system restarts.

Redmond's Patch Tuesday activities don't stop with these vulnerabilities, either. Microsoft announced plans to deliver four non-security, high-priority updates (via Microsoft Update and Windows Server Update Services) and one non-security, high-priority update via Windows Update and Software Update Services.

As usual, Microsoft is also prepping another version of its Windows Malicious Software Removal Tool.

Thursday's advance notification isn't always the last word in Patch Tuesday deliverables. Earlier this year, for example, Microsoft yanked several promised Windows patches from its Patch Tuesday payload. Redmond typically pulls a patch if it discovers problems during testing, or if it identifies other issues.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.


  • Old Stone Wall Graphic

    Microsoft Addressing 36 Vulnerabilities in December Security Patch Release

    Microsoft on Tuesday delivered its December bundle of security patches, which affect Windows, Internet Explorer, Office, Skype for Business, SQL Server and Visual Studio.

  • Microsoft Nudging Out Classic SharePoint Blogs

    So-called "classic" blogs used by SharePoint Online subscribers are on their way toward "retirement," according to Dec. 4 Microsoft Message Center post.

  • Datacenters in Space: OrbitsEdge Partners with HPE

    A Florida-based startup is partnering with Hewlett Packard Enterprise in a deal that gives new meaning to the "edge" in edge computing.

  • Windows 10 Hyper-V vs. Windows Server Hyper-V: Which Platform for Which Workloads?

    The differences between these two Hyper-V versions are pretty significant, depending on what you plan to use them for. Here's a quick rundown of each platform, from their features to licensing quirks to intended use cases.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.