Security Watch

Keeping track of patches and hacks in the IT security world.

Microsoft to Post 1 Critical Flaw on Patch Tuesday

Microsoft hasn't outpatched itself; it's hitting its normally scheduled April 10 Patch Tuesday with four Windows security bulletins, at least one of which is rated critical, according to Microsoft's Security Bulletin Advance Notification site.

The company on April 3 posted a patch, MS07-017, that it had rushed out to fix a critical flaw in Windows' handling of animated cursor files.

Now, one week later, it will be hitting its regular patch day with the four Windows patches and also a patch for a critical Microsoft Content Management Server vulnerability.

eEye's Zero-Day Tracker is showing three outstanding Windows flaws waiting for patches. One is a medium-severity flaw in Windows MessageBox that has been waiting to be patched for 111 days as of April 5.

Another Windows flaw waiting for a fix is an Internet Connection Sharing DoS in Windows XP that was reported on Oct. 28. That flaw is also of medium severity.

The third Windows flaw, rated low severity, has to do with RPC memory exhaustion. It's been out there for 505 days as of April 5.

Also on the Zero-Day Tracker are vulnerabilities in three applications: a high-severity vulnerability in CA's BrightStor (reported on March 29), and two medium-severity flaws, one in PowerPoint (reported on Oct. 12) and the other in Microsoft Word 2000 (reported on Feb. 9).