http://img165.imageshack.us/img165/2964/billgatesfb4.jpgMicrosoft plans five updates for Windows and one for XML Core Services. At least two of the updates will be labeled "critical," Microsoft's highest warning rating.

Microsoft Corp. announced Thursday that it will release six security updates next week, including at least one to fix a vulnerability that attackers are already actively exploiting.

In the advance notification posted on its Web site mid-morning Thursday, Microsoft said it would release five updates for Windows and one targeting XML Core Services. At least two of the updates will be labeled "critical," Microsoft's highest warning rating.

Typically, the Redmond, Wash. developer doesn't disclose the exact components, services, or applications to be patched prior to delivering the updates on the second Tuesday of each month. But the fix for Microsoft XML Core Services, a flaw that's currently being attacked by hackers, was specifically called out in the advance alert.

Last weekend, Microsoft acknowledged that a bug in an ActiveX component of Microsoft XML Core Services 4.0 was being exploited; in a blog entry, a Microsoft Security Response Center program manager characterized the attacks as "limited."

One of the 11 October patches supposedly fixed a problem in XML Core Services, but at least one vulnerability was apparently missed then, said Minoo Hamilton, senior security researcher with patch management vendor nCircle, on Monday.

Other yet-to-be-patched flaws have been reported by Microsoft, including a bug in an ActiveX control in Visual Studio 2005. Several vulnerabilities in Internet Explorer, including IE 7, have also been disclosed recently.

Last month, Microsoft unveiled 10 updates, but the month before it rolled out only three. The six scheduled to land next week, however, will push the year's total to 71, just one shy of the all-time record of 72 security fixes in 2002.

The updates will be available for manual download from the Microsoft Web site on Tuesday, Nov. 14 at approximately 10 a.m. PDT. Automatic updates to users' computers will begin shortly after that.

oooo another black Tuesday bit like Smallville's dark Thursday.

:source: Source: http://www.informationweek.com/security/showArticle.jhtml?articleID=193700248

Nothing is perfect. Go Microsoft!

wow!!!!

Microsoft Corp. announced Thursday that it will release six security updates next week, including at least one to fix a vulnerability that attackers are already actively exploiting.
Wow people are already exploiting it and microsoft is waiting until next week to release...

Still waiting for IE7 and WMP11 (Dutch) :frusty:

I mean hackers can have up to a month to exploit these holes. Microsoft are soooooo slow.

I mean hackers can have up to a month to exploit these holes. Microsoft are soooooo slow.

there not slow. They have to check if the patch works 100% and patching once a month is easier for businesses.
I've read somewhere that Microsoft is faster then any/most other OS when it comes to fixing security flaws.

there not slow. They have to check if the patch works 100% and patching once a month is easier for businesses.
I've read somewhere that Microsoft is faster then any/most other OS when it comes to fixing security flaws.

agree with you on the first 2 points. It really is a large operating system and a small change to fix a security hole may break something so testing is needed.

having patch tuesday is great for businesses they can easily sort out testing and installing of patches on a regular basis. This does cause a massive problem where malware writers and crackers are starting to release their wares straight after patch tuesday to maximise the time they have. Microsoft seemed very reluctant to break the patch tuesday cycle even when there was a critical whole in internet explorer actively being exploited.

I really dont think microsoft are at all quick in releasing fixes compaired to open source competition i would love to read the article that claimed that.

finally