Microsoft has released a revamped, more in-depth advance
notice on what IT administrators can expect for
security patches next week.
If nothing changes between now and Tuesday, six security
bulletins will be released to address
flaws in Windows 2000, XP and Vista; Internet Explorer (IE) 6
and 7; Microsoft Office; Outlook Express and Windows Mail.
In the
advance notice on Microsoft's TechNet site,
the software giant said it intends to release four critical
updates for Windows, IE, Outlook Express and Windows Mail, which
comes with Vista. Microsoft said attackers could exploit all the
critical flaws to launch malicious code remotely, and several of
them affect IE 7 on both Windows XP and Vista.
One "important" update will address flaws in Microsoft Office
and the Visio communication suite. Though it's not rated critical,
Microsoft said this issue could also be used by an attacker to
launch malicious code remotely.
One "moderate" update will address an information disclosure
flaw in Vista, Microsoft said.
As it does every month, Microsoft will also update its Malicious
Software Removal Tool and hold a
Webcast on the June patches on Wednesday.
Meanwhile, Microsoft plans to release seven non-security,
high-priority updates on Microsoft Update (MU) and Windows
Server Update Services (WSUS).
It remains to be seen if Tuesday's patches will address some
zero-day flaws that have surfaced since the May updates.
Earlier this week, vulnerability researcher
Michal Zalewski published details of four new
zero-day flaws in both Firefox and Internet Explorer (IE)
that attackers could exploit to log keystrokes, download malware
and steal cookies.
And last month, Microsoft confirmed it was looking into reports
of a new
Office zero-day flaw that attackers could exploit
to cause a denial of service or run malicious code on targeted
Windows machines.
Microsoft recently announced changes to its
update process, adding new details about upcoming security
updates in its Advance Notification Service, which is issued
every Thursday before Patch Tuesday.