Upcoming Microsoft patch day: three critical updates planned
As it does on the Friday before every patch day, Microsoft has stated how many patches it intends to publish, and for which products. Four updates are to be issued on May patch day next Tuesday: three to plug vulnerabilities classified as critical and one to close a security hole that's considered important.
Two of the critical updates close holes in Microsoft Office – in Word and Publisher. They affect Office 2000, XP, 2003, 2007, Office 2004 and 2008 for Mac, Word Viewer 2003 and the compatibility pack for Office 2007 file formats. An update will close a security hole in the Jet Engine that attackers can exploit to inject malicious code. The patch is intended to eliminate the flaw in Windows 2000 SP4, XP SP2, XP x64, Server 2003 SP 1, Server 2003 x64 and Server 2003 SP1 for Itanium systems.
The fourth update announced will plug a denial of service hole in the OneCare, Antigen and Forefront anti-virus products and in the Windows Defender anti-spyware tool. As is customary, an updated Malicious Software Removal tool (MSRT) is to be released.