Details of next week’s Patch Tuesday released

By Isabelle Chaize

Microsoft’s next monthly security update release, due to take place next Tuesday, will include five ‘critical’ patches.

The eight patches to be released will address flaws in Windows’ most recently added products, Windows Vista SP1 and Windows Server 2008.

One of the ‘critical’ patches affects every single version of the Windows OS, including Vista SP1 and Server 2008, which were made available to the public only a fortnight ago and five weeks ago respectively.

Although, as usual, exact details of the upcoming patches have not been published, Microsoft hinted that the widespread flaw could inclive the possibility of remote execution of code.

Graham Cluley, senior technology consultant at Sophos, said ‘We want Microsoft to release information about their products to help developers, but it can also attract malware writers.’

The other four ‘critical’ patches also target Windows, as well as Office and Internet Explorer. One addresses problems with Microsoft’s VBScript and JScript languages in Windows 2000, XP and 2003, whilst another involves the Office scheduling and control tool, Project.

Security experts suggested that the Project flaw would probably be to do with document file formats, which they also thought likely for another weakness, categorised ‘important’, which affects Visio, the Office business and technical drawing application.

The other two ‘important’ updates also affect all Windows versions, and are aimed to fix vulnerabilities to spoofing or elevation of privilege exploits.