Microsoft will release three sets of security updates next Tuesday, fixing at least one critical bug in its Windows operating system.
The software vendor said Thursday that the most serious of these updates fixes a bug that could be used to install malicious software on a victim’s computer on any supported version of Windows. The other two Windows updates fix flaws that are not considered to be quite so dire, and one of these two important fixes does not affect Windows XP or Vista users.
Microsoft releases its security updates on the second Tuesday of each month, and it gives customers advance notification of what patches are coming the Thursday before they are released.
This month’s early notification makes one thing clear: A highly publicized Excel bug that has been used in a small number of targeted attacks will not be patched this month.
Given that the Excel bug was reported to Microsoft just weeks ago, it’s not surprising that Microsoft has not had time to fully test and release a bug-fix, said Andrew Storms, director of security operations with security vendor nCircle. Still, the fact that users will have to wait another month for protection is “disappointing,” he said via instant message.
Microsoft has a couple of other software bugs to fix in addition to the Excel issue. In December, the company acknowledged a security issue in its WordPad Text Converter that affects older versions of Windows.
There is also another unpatched Windows issue that has been lingering since April of last year. Storms said it’s possible that Microsoft could fix that vulnerability — which allows attackers to get elevated user privileges on a victim’s system — next week.