Microsoft to patch zero-day DNS flaw

Seven security bulletins planned for release on Patch Tuesday, including "critical" fixes for Windows, Office, Exchange and BizTalk.
Written by Joris Evers, Contributor
Microsoft on Tuesday plans to release seven security bulletins, including a fix for a zero-day flaw in Windows that is already being used in cyberattacks.

The bulletins, part of Microsoft's monthly patch cycle, are slated to provide fixes for an undisclosed number of security vulnerabilities in Windows, Office, Exchange and BizTalk, Microsoft said on its Web site Thursday. The issue affecting BizTalk also relates to "Capicom," a developer component to add cryptography to applications.

Each of the four product families is scheduled to get at least one "critical" update, Microsoft's highest severity rating, the company said. Microsoft plans to release two bulletins related to issues in Windows and three related to Office, with one remaining for both Exchange and BizTalk, it said.

Security issues tagged as critical typically could allow an attacker to gain full control of an affected system with very little, if any, action by the user.

Microsoft's updates will include a patch for a vulnerability in the Windows domain name system, or DNS. The security vulnerability affects Windows 2000 Server and Windows Server 2003. Microsoft warned of the problem last month and has said it was being used in "limited" attacks.

Some of the planned Office patches will likely deal with vulnerabilities in the software that have been disclosed and have been waiting for fixes.

Microsoft gave no further information on the upcoming alerts, other than to state that some of the fixes may require restarting the computer or server.

Last month, Microsoft released six security bulletins. Shortly after it released the fixes, several new Office zero-day bugs and the Windows DNS bug hit. Some security watchers have come to call this phenomenon "zero-day Wednesday."

Editorial standards