Microsoft Preps Five Windows Patches

Microsofts monthly patch day for December will produce security updates for five vulnerabilities affecting Windows users, the company said Thursday.

In an advance notice, the software giant said the maximum severity rating for the five updates is “important.” Some of the security updates may require a restart.

The prerelease of basic information ahead of the scheduled patch day is a new policy adopted by Redmonds security division to help customers plan for the deployment of updates.

The next batch of patches is due Tuesday, Dec. 14.

While the company isnt releasing specifics on which products will be patched, several well-known flaws have already been publicly reported.

Late last month, Microsoft Corp. confirmed the existence of a code execution bug in the WINS (Windows Internet Name Service) that is used to determine the IP address associated with a particular network computer.

The WINS flaw affects Microsoft Windows NT 4.0 Server, Microsoft Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Server and Windows Server 2003.

The company also is investigating reports from a private research firm that 10 potentially serious vulnerabilities were found in the Windows XP SP2 (Service Pack 2) operating system.

/zimages/2/28571.gifRead more here about Microsofts examination of the SP2 reports.

eEye Digital, which maintains a page of unpatched Windows flaws, reports that two code execution vulnerabilities are on tap from Microsoft.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.