Eight Microsoft bugs to be fixed next Tuesday

Will they or won't they patch a controversial bug on Tuesday that made news last month as a big-time hacker favorite? Some security experts are saying yes -- that amongst the eight security updates Microsoft will deliver next week (six of them marked "critical,") will be a patch for a Windows Server 2008 vulnerability reported in April.

To be fair, that bug in Windows Server 2008 has had a sketchy history. It was found by Argentinean security researcher Cesar Cerrudo, reports Computerworld. The researcher at first called the bug a design flaw. But after he presented his findings at a security conference Microsoft issued Advisory 951306. In October, Cerrudo posted a proof-of-concept exploit for the months-old vulnerability. The bug allows an attacker to control Windows by running code under any service in Windows Server 2003. Researchers say that the Patch Tuesday bulletin Microsoft marked 'Windows 1' looks like a fix.

All told, two of the eight updates will patch Windows, another two are aimed at Office, while the remaining four target Internet Explorer (IE), SharePoint, Windows Media Player, and Visual Basic and Visual Studio, Microsoft said Thursday in its monthly advance warning of what to expect next Tuesday.

Visit the Microsoft Subnet web site for more news, blogs, podcasts. Also see:

Microsoft patents ... a mere 146 issued so far in NovemberAdvocate says IPv6 will reduce global energy usage10 questions for Small Business Server/Essential Business Server guy, Russ Madlener7 Keys to cleaning up Windows with Windows 717 job-hunting resources for Windows prosGlenn Weadock on Windows Server 2008Library of Windows management tools from A Better Windows Worldall Microsoft Subnet bloggers.bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)

Subscribe to

Sign up for the

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.