Microsoft is to introduce a series of security patches
in its next scheduled ‘Patch Tuesday’ to fix flaws in
Windows.
The updates will be released to address primarily critical
issues with the Windows’s XML parser.
The XML update is likely to be interesting to security experts
because hackers have already posted code showing how a flaw in the
parser could be exploited to run unauthorised programs on a PC.
So far, however, Microsoft has given no indication how it plans
to patch this or another recent bug, reported in its Visual Studio
software. That bug, known as the WMI Object vulnerability, could
also allow an attacker to run unauthorised code on a victim's
computer.
Last month, Microsoft issued 10 updates, fixing 26 bugs in its
Windows and Office software.
Some experts believe Microsoft may put a hold on fixing the XML
and Visual Studio problems because of a lack of time, and a belief
that both vulnerabilities have been unnecessarily hyped. If the
threat is low, Microsoft may wait to release a patch it knows will
work rather than rush out a solution that will then be sliced and
diced by ‘experts’ to prove its utility.
