Microsoft Corp. will issue six security updates next week for Windows, Internet Explorer, Outlook Express, Windows Mail and Visio, the company announced today using its new expanded format for advanced warnings.

    Four of the six bulletins scheduled for Tuesday, June 12, will be ranked "critical" -- Microsoft's highest threat rating -- while one each will be labeled "important" and "moderate." Half of the batch affect Windows Vista, or one of its components, such as Internet Explorer 7 or the Windows Mail e-mail client; of the three Vista patches, two are denoted critical.

    The advanced notification pinned Windows with three updates, Internet Explorer with one, Outlook Express and Windows Mail with one, and Visio 2002 and Visio 2003 with one.

    This was the first early warning in the new, more detailed format that Microsoft promised last month when it said customers asked for additional information to plan their patching schedules. Each of the six expected updates was recapped with a short description, severity rating, description of potential impact, whether the Baseline Security Analyzer will detect patch need, and the affected software.

    Even with the new information, it was impossible to predict all of Tuesday's results in advance. Microsoft's Visio 2002 and Visio 2003, for example, have no known unpatched vulnerabilities, so the bug was either found internally by Microsoft or reported privately to the company. Likewise with the Outlook Express/Windows Mail patch; Secunia ApS lists no known bug capable of remote code execution.

    The improved clues, however, pointed to at least one open Windows bug. eEye Digital Security reported a remote code vulnerability in Windows 2000, XP, and Server 2003 to Microsoft in late March; those characteristics match one of the six bulletins planned for next week.



Source - ComputerWorld