Microsoft Patch Tuesday - with or without 0-day patch?
Microsoft plans to release five security bulletins on its June Patch Tuesday next week. A critical bulletin affects all versions of Internet Explorer, while three important bulletins close security holes in all currently supported versions of Windows. Another important bulletin addresses vulnerabilities in Office 2003 Service Pack 3 and Office for Mac 2011.
Microsoft's advance notification doesn't mention whether it will also patch the privilege escalation hole in Windows that was disclosed by Google security expert Tavis Ormandy. A working exploit for that vulnerability is already in circulation.
Tavis Ormandy caused annoyance at Microsoft when he disclosed the security hole in May. Instead of reporting the hole to Microsoft, the researcher released the details on the Full Disclosure security mailing list. The Google employee has been known to choose this approach in the past and has frequently preferred the Full Disclosure mailing list over notifying the manufacturer in advance.