May 3, 2007
Microsoft on Tuesday plans to release seven security bulletins, including a fix for a zero-day flaw in Windows DNS Web Servers that is already being used in cyberattacks.
By Joris Evers
The bulletins, part of Microsoft's monthly patch cycle, are slated to provide fixes for an undisclosed number of security vulnerabilities in Windows, Office, Exchange and BizTalk, Microsoft said on its Web site Thursday. The issue affecting BizTalk also relates to "Capicom," a developer component to add cryptography to applications.
Each of the four product families is scheduled get at least one "critical" update, Microsoft's highest severity rating, the company said. Microsoft plans to release two bulletins related to issues in Windows and three related to Office, with one remaining for both Exchange and BizTalk, it said.
Security issues tagged as critical typically could allow an attacker to gain full control of an affected system with very little, if any, action by the user on the Web.
Microsoft's updates will include a patch for a vulnerability in the Windows Domain Name Servers, or DNS Web Servers. The security vulnerability affects Windows 2000 Web Server and Windows Web Server 2003. Microsoft warned of the problem last month and has said it was being used in "limited" attacks.
Some of the planned Office patches will likely deal with vulnerabilities in the software that have been disclosed and have been waiting for fixes.
Microsoft gave no further information on the upcoming alerts, other than to state that some of the fixes may require restarting the computer or server.
Last month, Microsoft released six security bulletins. Shortly after it released the fixes several new Office zero-day bugs and the Windows DNS bug hit. Some security watchers have come to call this phenomenon "zero-day Wednesday."
Back to the Top