Microsoft previews a quiet May Patch Tuesday
Four bugs to be fixed as part of its monthly patching cycle, with three rated 'critical' and affecting a wide range of software.
Microsoft has issued its Patch Tuesday preview, warning of four security updates next week.
Three of the patches are rated 'critical,' and relate to patching Windows, Word, Publisher as well as all of the vendor's anti-malware applications.
It's thought the critical patches will address vulnerabilities in Microsoft's word processor and desktop publishing software, while the third will likely address a bug that's existed in Microsoft's Jet Database Engine that can be traced back to 2005.
Microsoft itself only acknowledged they were critical bugs affecting the Windows component that provides data access to applications such as Microsoft Access and Visual Basic on 22 March. In a security advisory it said it had heard "public reports of very limited, targeted attacks" using Word documents to trigger the Jet Database bug, but later admitted it had not patched it sooner because it thought it already blocked the most obvious attack vectors.
In a Microsoft Security Response Centre (MSRC) blog posting, group operations manager, Mike Reavey said it might replace the version of Jet in Windows 2000, XP and Server 2003 SP1 to fix the flaws. But the Jet Database Engine included in Windows Vista, Windows Server 2003 SP2 and the just-released Windows XP SP3 is not vulnerable.
The pre-patch notice confirmed that the database update will replace Jet in Windows 2000, XP SP2 and Server 2003 SP1.
The only non-critical patch Microsoft said it would release will fix flaws in its anti-malware consumer and enterprise products. Microsoft called the flaw a "denial-of-service issue" in Antigen, Forefront Security, Windows Live OneCare and Windows Defender.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The security updates will replace the pre-patch notice next Tuesday 13 May around 1pm Eastern time (6pm BST).
A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.
Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.