Patch Tuesday: Critical IE, Vista patches on deck

Next Tuesday, Microsoft plans to ship six bulletins with patches for a wide swathe of vulnerabilities in Windows, Internet Explorer, Outlook Express, Windows Mail, Office and Visio.

Four of the six bulletins will be rated "critical," Microsoft's highest severity rating. One will be rated "important" and one will carry a "moderate" rating.

Of the four criticals, two will include high-severity patches for Windows Vista. The bulletin rated "moderate" only affects Vista.

As part of its new-look advance notice mechanism, the MSRC (Microsoft Security Response Center) is providing more details on the patches coming on June 12, down to the severity rating of each bug covered in the individual bulletins.

[ See: Microsoft Security Bulletin Advanced Notification for June 2007 ]

Microsoft is not releasing the CVE numbers attached to the individual vulnerabilities until next Tuesday so there is no way yet to get a final total on how many flaws are being fixed.

[UPDATE: June 7, 2007 @ 3:59 PM] Someone just reminded me about this unpatched Windows Mail file-execution vulnerability affecting Vista. It's possible this could be one of the patches coming on Tuesday, especially since public exploit code has been posted for this since March 2007.

  • Vista Auto Update Tool

    I like how Vista works updates. It's efficient and not nearly as irritating as XP. Read about my upgrade experience:
  • Lame "advance" information

    The advance notice/info provided by the link was so lacking in any useful information regarding the upcoming patches that I'd rather smell a fart than receive those "notices" in my email. Is a one sentence description so hard to come up with? Jeez. Come on, Microsoft. Cough up a little more info.
  • Weak on the Info/Perfect place for a rant

    We can get as much enigmatic information from the site "cited" in this article:

    Basically, there is nothing new with these "down"dates. I call them that cos they actually serve no purpose but to bloat your hard drive even more.

    If Chaos Computer Club has targeted you, then you have to sit back and take it, regardless of all MS So Called Security downdates. That is a given. If someone really wants IN to your home PC? They will get in. The ONLY way to possibly keep intruders out, is by using the firewalls in your router.

    The solution? Pretty much ignore ALL security updates. There are two types of updates in the critical update section of Windows Update:

    There are SECURITY updates, these can all be ignored, If they were effective? Why would MS be re-releasing patches for services that were patched in Windows 98? -What, they did not get it right THAT time? Consequently, there is no use for the patch if it has not been dealt with in this new OS.

    Then there are basic Improvements, called simply, UPDATES (without the word security before them)- These are things like the addition of USB, addition of WPA in the Wireless Networking Configuration area. These are the only updates that are worth anything, and the regular user does NOT know how to sift through the BS to find these, so, they think they are improving their system by downloading ALL security updates, or by using Automatic Updates. WRONG.

    Here is an example of the usual MS Security Update Notification:

    Bulletin Identifier Microsoft Security Bulletin 2
    Maximum Severity Rating

    Impact of Vulnerability
    Remote Code Execution

    Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.

    Affected Software
    Windows. For more information, see the Affected Software section.

    This marvelous amount of USEFUL information came straight from the Security Bulletin Site. What REAL information are we told? NOTHING. What Knowledge Base Article number? NONE. Even if we find the KBA, it may tell you an exact service that is being hacked, but nothing else except "Remote Code Execution".

    Windows = Paranoia. Sure. Microsoft encourages paranoia by this whole "Windows Update" thing. What a bunch of Malarkey.

    I submit, that everyone who reads what I am writing now, has experienced what I am going to postulate right now: That When the very first version of XP was installed into the very first 1 GHz PC back in 2000, it ran beautifully. That is, until the first time the user used Windows Update and got a Security Update.

    The more security updates installed, the more unstable the system became until you simply have to wipe the hard drive and start again. Everybody I know, and that amount of people I am talking about is massive... Hundreds of people, who have brought their computers to me to "fix" - Each one of them had every single Security update loaded, and each system was SO bogged down that it barely started. After I removed ALL security updates and installed VALID antivirus and antispy programs (and those change year by year... 2 years ago it was McAfee, this year it is ESET NOD32)- Most of these systems recovered and started behaving normally.

    One of the most common symptoms of a case of TOO MANY Security Updates is, a few features in some of your important programs will STOP loading. For me, it was in Sonar, a multitrack recording program, which loads your WAV editing program at request. I use Sound Forge. When Sound Forge stopped loading from the call Sonar made to it within the program instance, I knew that I had been a victim of Security Updates.

    Other symptoms are these: In IE, the controls on certain websites fail to load. Your Windows Explorer fails to show the left pane, and shows a blank Gray area. Your PC stops shutting down when you tell it to and the "windows is shutting down screen" stays there until the cows come home and pigs fly.

    I made quite a bit of money from 2001 to just last year, simply removing ALL Security updates. We are talking about a process that takes all day in some cases. 70 security updates, each taking from 1 minute (without a reboot) to 5 minutes (with reboot) - It all adds up in time. The result, when done, is a computer that works the way it worked when the installation was new. I have done this at least 200 times, and I have not had any of those computers returned for THAT reason. Most of them did not require an In Place Install (Which is something that cannot be done with Vista... And THIS is very bad).

    Then, just last year, MS started doing a thing sinister: The SECURITY updates could no longer be UNINSTALLED.

    Ergo, my new practice: Saving the user's work, and DELETING and SECURE FORMATTING their hard drives. Then in February? MS handed me a brand new job: The job of deleting Vista and installing XP MCE in its place.

    Now, of course I have no complaint with versions of XP that include these marvelous updates. I do not have a problem with the code that allegedly "protects us from hackers" (But really does not do anything of the sort) - I only have a problem when I open "Remove/Add Programs" and I see 100 Security updates, and THREE Programs.

    You don't believe me that ALL security updates are worthless? I'm not talking about the Blaster fix, that was not a security update: That was a rare correct response by Microsoft to a clear and present danger.

    If you have the resources, Perform this test: Make two identical computers, each with the same size hard drive, the same hardware, everything. Install XP Pro with SP2.

    Now, on one computer only get the UPDATES that add functionality, and on the other, get those plus the SECURITY updates.

    After about three months of this, check which PC works as well as it worked under a fresh install and it will not be the one with the security updates.

    I was able to do this, cos I stick to a design, when I build a PC, I build at least 20 of them for various customers. So it is no sweat to do this- Good barebones systems can be got from NewEgg for very reasonable prices.