In association with heise online

06 May 2011, 15:20

Microsoft Patch Tuesday: two updates planned

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft Logo Following last month's record-breaking Patch Tuesday, Microsoft has announced that it plans to release just two bulletins on Tuesday 10 May. According to the company, the bulletins – one of which is rated as "Critical" – both address remote code execution vulnerabilities.

The first bulletin will correct issues in Windows Server 2003 and 2008, while the second bulletin, rated as "Important", will patch holes found in Office XP, 2003 and 2007, as well as Office 2004 and 2008 for Mac. The Open XML File Format Converter for Mac and the Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats are also affected.

In addition, Microsoft has said that it is making changes to the Exploitability Index, its vulnerability rating system, to make it "more clear and digestible for customers". In future, Microsoft will publish two ratings per vulnerability: "one for the most recent platform, the other as an aggregate rating for all older versions of the software".

Microsoft says that it hopes that the change will make it easier for customers on recent platforms to determine their actual risk, given the built-in security mitigations in some of its products. Windows 7, for example, includes additional security features like data execution prevention (DEP) and address space layout randomisation (ASLR); however, this functionality is not included in older versions of Windows, such as Windows XP.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit