Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft slates 22 patches for Windows, IE next week

Gregg Keizer | Aug. 4, 2011
Aging XP escapes majority of updates planned for Windows.

"It's a tea leaf month," Storms said. "It's like reading tea leaves. There's very little to go on and a lot of data at the same time. It's just difficult to read anything from what we have here."

What Microsoft marked as "Bulletin 3," however, did catch his eye. That bulletin will apply only to Windows 7 and Server 2008 R2, the two newest versions of Microsoft's client and server operating systems.

"The interesting bulletins are those that only affect the older software, or only affect the newer software," said Storms, noting that Bulletin 3 is in the second camp.

That update will be a puzzler until Microsoft ships its updates since Windows Vista and Server 2008 R2 share much of their code base with their respective follow-ons, Windows 7 and Server 2008: Typically, if one line needs to be patched, so does the other.

Of the nine updates Microsoft will deliver for Windows, five won't be necessary for Windows XP, the decade-old operating system that Microsoft is trying to shove into retirement as quickly as possible.

Also on next week's slate are an update for the .Net framework and Visual Studio 2005 development toolset, and another for Visio, the diagramming application that's part of the Office family.

Microsoft patched Visio 2003 last month to stymie DLL load hijacking attacks that rely on tricking applications or operating systems into loading a malicious file with the same name as a legitimate DLL, or dynamic link library.

This month, the company will patch all the other still-supported versions, including Visio 2003, 2007 and 2010. It's possible that the update will fix DLL load hijacking problems in those editions.

A month ago, Marcus Carey, a researcher with Rapid7, pointed out that the Visio 2003 bug might pique the interest of hackers active in targeted attacks because, "People who typically use Visio are high-value, often network or systems engineers [who] often have the keys to the [network] kingdom."

Storms agreed today. "It looks like Visio could be a new target," he said.

The 13 updates will be released at approximately 1 p.m. ET on Aug. 9.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.