Microsoft to deliver six patches covering 15 flaws

Microsoft has revealed that it plans to distribute six patches, covering 15 vulnerabilities, as part of its November security update, scheduled for next Tuesday.

Three of the bulletins are labeled "critical", while the other half are marked "important", according to an advance notification. The three critical and one of the important patches are slated to resolve flaws in Windows, while the remaining two important bulletins will address holes in Office.

None of the bugs are present in the just-released Windows 7 operating system.

Most vulnerability experts agree that administrators should be most wary of Bulletin 3, which is rated critical across Windows 2000, XP, Vista, and Server 2008.

Based on the limited information that Microsoft provides prior to releasing the patches, HD Moore, chief security officer at Rapid 7 and creator of Metasploit Framework, predicts that the vulnerability resides on a common application programming interface, such as GDI (graphics display interface).

Andrew Storms, director of security operations at nCircle, said another interesting patch is Bulletin 1, which exclusively affects Vista and Server 2008, which is surprising considering they are considered more securely coded platforms than their predecessors.

Administrators likely will have an easier time with Tuesday's patch batch. Last month's release consisted of 13 bulletins covering a record 34 vulnerabilities, including two severe zero-days.

See original article on scmagazineus.com