Revving up for Microsoft's August Patch Tuesday
This coming Tuesday (8th August), Microsoft will again show its hand: this is when the 500 lb gorilla of operating system vendors will release ten security advisories for Windows, including at least one categorised as critical, as well as two for Office, with at least one of those also called critical. The individual security bulletins often close several holes at once.
It can be presumed that Microsoft is closing the vulnerability in Office through which manipulated Powerpoint files can sneak code onto the system. The company may also be sealing the security holes in the no-frills Works office software suite.
For Windows, Microsoft has clearly not yet eliminated the flaw in hlink.dll through which specially crafted, overly long links can provoke a buffer overflow during the processing of that library, thereby allowing code to be planted. The software giant has already released updates for the Windows Server service on the last Patch Tuesday, but new vulnerabilities have emerged since then.
eEye, a security services provider, is currently listing only one outstanding security advisory, although as usual no details are named. Microsoft may also potentially be closing security holes in Internet Explorer and Active X modules that H. D. Moore publicised through his Month of the Browser Bugs.
Microsoft does not release information on exactly which flaws are being eliminated until Patch Tuesday itself. The updates will require a restart of the computer, the company has indicated in its advance notice.
- Security Bulletin Advance Notification from Microsoft