Microsoft Plans 12 Security Fixes For Aug. 12 'Patch Tuesday'

Microsoft on Thursday said that it will release 12 security updates Aug. 12 as part of its regularly scheduled patch day.

The company's upcoming Security Bulletin is scheduled to include seven fixes rated "critical" and five rated "important."

The affected software with "critical" vulnerabilities includes Windows, Internet Explorer, Media Player, Access, Excel, PowerPoint, and Office. Programs with "important" vulnerabilities include Windows, Outlook Express, Messenger, and Office.

In a prepared statement sent via e-mail, Don Leatham, director of solutions and strategy at Lumension Security, said that Microsoft's August patch will keep IT departments busier than they were handling its July patch.

Leatham urged IT teams to make sure they have determined whether they need to update Windows Server Update Services, as per Microsoft's recent advisory. And he said that IT teams that have not yet deployed Microsoft's DNS update should make that a priority, given the existence of public exploit code.

At the Black Hat conference this week, Microsoft announced several initiatives aimed at improving communication channels among Microsoft, third-party security vendors, and its business customers. These include the Microsoft Vulnerability Research program, which formalizes how Microsoft reveals vulnerabilities its researchers find in third-party software; the Exploitability Index, an assessment of the likelihood that exploit code will become available following the issuance of Security Bulletins; and the Microsoft Active Protections Program, a plan to share vulnerability information about Microsoft products with third-party vendors before that information is released to the public.

In a recent interview with InformationWeek, Mike Reavey, security program manager for Microsoft Security Response Center, said that data from Microsoft's malicious software removal tool indicates that Windows Vista machines have 60% less malware than PCs running Windows XP.

Even so, Microsoft may not want to crow too much about Windows Vista. Researchers at the Black Hat conference this week presented ways to bypass several Vista security mechanisms.