Microsoft Corp. will release six groups of security patches next Tuesday, fixing flaws in its Windows operating system.
The updates will be released as part of Microsoft’s regularly scheduled monthly patch release, and will fix critical flaws in Windows and the company’s XML (Extensible Markup Language) parser, Microsoft said Thursday.
With only six updates, November looks to be a quieter month for systems administrators than October. Last month, Microsoft issued 10 updates, fixing 26 bugs in its Windows and Office software.
The XML update is of particular interest to security experts because hackers have posted code showing how a flaw in the parser could be exploited to run unauthorized programs on a PC.
However, Microsoft gave no indication that it plans to patch this or another recent bug, reported last week in its Visual Studio software. That bug, known as the WMI Object vulnerability could also allow an attacker to run unauthorized code on a victim’s computer.
Because these bugs were reported recently Microsoft has had a narrow window in which to develop patches.
“It wouldn’t surprise me if neither of these are fixed this month, given how little time it seems Microsoft has had to fix them,” said Russ Cooper, senior information security analyst for Cybertrust Inc., via instant message.
Either way, most users are not at great risk from the two bugs, he added. “As far as we at Cybertrust are concerned, both of these issues have been rated as hype,” he said. “There is far more media attention than actual exploitation … or risk.”