MS Patch Day: Six Bulletins on Deck

The August batch of patches will include fixes for a denial-of-service flaw in Windows XP and other holes in the Windows operating system.

Microsoft plans to release six security bulletins on Aug. 9 to fix a range of potentially serious Windows vulnerabilities.

Some of the vulnerabilities carry a maximum severity rating of "critical," meaning they could put Windows machines at risk of an Internet worm, even without any user action.

As is customary, the software maker isnt providing any details until the bulletins are posted.

In an advance notice, the companys Security Response Center said the updates will require a restart and will be detectable using the MBSA (Microsoft Baseline Security Analyzer) tool.

/zimages/5/28571.gifClick here to read more about a workaround for the XP vulnerability.

In addition, Microsoft plans to release one non-security update for Windows and a refresh of its malware removal tool to add detection for new virus and worm variants.

It is already known that a fix for a denial-of-service flaw in Windows XP will be included in the August patch batch.

/zimages/5/28571.gifClick here to read about an unpatched code execution flaw in Internet Explorer.

Microsoft has already acknowledged the flaw and released a pre-patch advisory with workarounds. The company confirmed a public warning that an attacker could send a specially crafted RDP (Remote Desktop Protocol) request to an affected system to cause a system crash.

However, because services that use RDP are not enabled by default in the operating system, the damage is somewhat limited to users who enable Remote Desktop to create virtual sessions onto their desktop computers.

Remote Desktop is a feature that allows XP users to remotely control computers from another office, from home or while traveling.

Patches for a range of code execution flaws in Internet Explorer could also be on tap. eEye Digital Security, a security research outfit, has published a list of seven unpatched vulnerabilities in Microsoft products, including several "high risk" flaws in IE, Outlook and Windows.

One of the unpatched IE vulnerabilities reported by eEye is 66 days overdue.

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.