Critical XML Core Services bug sounds similar to a pair of exploited flaws from '06
August 09, 2007 (Computerworld) -- Microsoft Corp. today said it will release nine security updates next Tuesday, half again as many as last month, targeting flaws in Windows, Office, Internet Explorer and Virtual PC.
Of the nine bulletins expected Aug. 14, six will be labeled "critical," Microsoft's highest rating, with the remaining three ranked "important." Vulnerabilities slated to be fixed by eight of the nine updates, however, have been pegged as allowing remote code execution, a sure sign that the bugs are very dangerous and, if exploited, could easily allow a PC to be hijacked by hackers.
Microsoft Windows, including Vista, will be the focus of four of the nine updates, with one of those Vista fixes pegged critical. Other critical patches will be provided for Microsoft Office in general, Excel in particular, Visual Basic 6.0 and IE, the company's market-leading browser. Of the bulletins labeled important, fixes will be issued for Windows Vista, Windows Media Player, Virtual PC and Virtual Server and IE.
Vista is especially hard-pressed in the advance notification, which Microsoft posted to its security site early today. Five of the nine, or just over half, of the updates patch Vista or a component of the new operating system, such as IE7 or Media Player 11.
Four nonsecurity updates that Microsoft considers "high priority" will also post next week via Windows Update, Microsoft Update and Windows Server Update Services. The note did not hint, however, whether the two Vista hot fix packs now available for manual download will be among that group; Microsoft has promised that the performance and reliability hot fixes will be offered up through Windows Update, but has refused to say when.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=windows&articleId=9029883&taxonomyId=125