Ngày Thứ Ba Đen Tối sắp đến
- One Microsoft Security Bulletin affecting Microsoft XML Core Services. The highest Maximum Severity rating for this is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates will require a restart.
- Five Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
- New "Malicious Software Removal Tool"
- 2 additional "non-security high-priority updates" will be released, but only on Microsoft Update and WSUS
Lại sắp bận rộn rồi!
Over the past several months news of exploits targeting previously undocumented flaws in Windows and other Microsoft applications have surfaced within hours of each Patch Tuesday. Today, less than 48 hours after Microsoft released a record number of security updates, comes the release of exploit code for yet another Office flaw, this one apparently targeted at PowerPoint files in Office 2003 (no, I'm not going to link to the site hosting the exploit code).
As I've noted before, the Patch Tuesday/Exploit Wednesday (or Thursday) phenomenon gives bad guys the maximum amount of time to use exploits in the wild before Microsoft gets around to its next patch cycle. Redmond occasionally breaks out of that cycle for especially serious or high-profile attacks on unpatched flaws; it has done so twice this year, though neither of those emergency patches dealt with an Office vulnerability.