The Redmond, Wash.-based corporation announced on Friday that it will release four patches this week — one less than it initially announced.
Tuesday's bulletin will no longer include a fix for a flaw in Windows and SharePoint Server that can be exploited in privilege escalation attacks, Christopher Budd, Microsoft security program manager, disclosed Friday on the Microsoft Security Response Center blog.
Administrators must still fix one flaw in Windows deemed “critical” by Microsoft. The bug can be exploited in remote code execution attacks, according to a Microsoft Security Bulletin Advance Notification revised on Friday.
Microsoft is also planning to release three “important” fixes on Tuesday. Two patches — in Visual Studio and MSN Messenger/Windows Live Messenger — patch bugs that can allow remote code execution. The third patch fixes a privilege escalation bug in Windows Services for UNIX and Subsystem for UNIX-based Applications.
This month's release is scheduled to be the lightest in recent months. Last month, Microsoft fixed 14 flaws — six of which were critical — through eight client-side patches. July's distribution patched 11 flaws with six patches.
A Microsoft official could not immediately be reached for comment.
Eric Schultze, chief security architect at Shavlik, told SCMagazineUS.com today that Microsoft's researchers likely pulled the fifth patch after installation tests.
“[The revision] means it hasn't passed their testing. There is a beta patch test group that will do all of the testing of the security patches about five weeks before they're to be released. Microsoft might give 10 different patches to that group, and then announce that five or six will be released, meaning that four or five were rejected by the beta testers,” he said. “Even after they're announced, they might pull one back because it hasn't performed the way they thought it would after installation.”
Schultze recommended that system administrators use extra time provided by a light patching schedule to ensure their PCs are fixed for daylight-saving time issues.
Microsoft trims one fix from Patch Tuesday roster
By Frank Washkuch on Sep 11, 2007 2:26PM