12 updates from Microsoft on forthcoming patch Tuesday
However, the five updates classified as "important" also include two which fix vulnerabilities in Internet Information Server and Office that permit remote code injection and execution. Why they are not deemed worthy of a higher classification might be revealed once they are released next week. One patch for the Active Directory Service under Windows 2000, XP and Server 2003 has also been announced. There is as always an updated version of the Windows Malicious Software Removal Tool. Further details can be found in the advance notification from Microsoft.
In addition, the company plans to distribute seven non-security related updates via Microsoft Update (MU) and Windows Server Update Services (WSUS) and two further non-security related updates via Windows Update (WU) and WSUS. These include Internet Explorer 7, which Microsoft plans to mark as an update rollup package on 12th February, meaning that it will be distributed and installed automatically in company networks with WSUS servers in which automatic release of such packages is activated. Microsoft issued a warning about this including instructions for preventing the update back in mid January.
- Preventing the automatic Internet Explorer 7 update, background article at heise Security
- Microsoft Security Bulletin Advance Notification for February 2008, summary from Microsoft