MS Addressing Google-Exposed Flaw Next Week

Next week Microsoft is slated to address a zero-day vulnerability in Windows XP that was recently discovered by Google engineer Tavis Ormandy. As reported earlier, Ormandy went public with his findings after Microsoft would not provide a definite timeline for addressing the issue. Because of Ormandy's actions, more than 10,000 Windows XP PCs have been hacked since the CVE-2010-1885 exploit went live. Microsoft said that the company was given only five days' notice.

Nevertheless, Microsoft is addressing the issue next week on Patch Tuesday, July 13. The fix--dubbed Bulletin 1--will cover one of four issues Microsoft will address, and is one of two critical patches that apply to the Windows platform. The second Windows patch--dubbed Bulletin 2--will fix a vulnerability in the canonical display driver of Windows 7 64-bit and Windows Server 2008 R2. The issue was announced back on May 18; the announcement said the vulnerability could allow remote code execution.

The remaining two patches in next week's update will address issues with Microsoft Office 2002, 2003, and 2007. As seen in the list below, Bulletin 3 will address issues with Access 2003 Service Pack 3, Access 2007 Service Pack 1 and Access 2007 Service Pack 2. Bulletin 4 will focus on Outlook 2002 Service Pack 3, Outlook 2003 Service Pack 3, Outlook 2007 Service Pack 1 and Outlook 2007 Service Pack 2.

Here's the full list:

Bulletin 1

  • Windows XP Service Pack 2 (Critical)
  • Windows XP Service Pack 3 (Critical)
  • Windows XP Professional x64 Edition Service Pack 2 (Critical)
  • Windows Server 2003 Service Pack 2 (Low)
  • Windows Server 2003 x64 Edition Service Pack 2 (Low)
  • Windows Server 2003 with SP2 for Itanium-based Systems (Low)

Bulletin 2

  • Windows 7 for x64-based Systems (Critical)
  • Windows Embedded Standard 7 for x64-based Systems (Critical)
  • Windows Server 2008 R2 for x64-based Systems (Critical)

Bulletin 3

  • Microsoft Office Access 2003 Service Pack 3 (Critical)
  • Microsoft Office Access 2007 Service Pack 1 (Critical)
  • Microsoft Office Access 2007 Service Pack 2 (Critical)

Bulletin 4

  • Microsoft Office Outlook 2002 Service Pack 3 (Important)
  • Microsoft Office Outlook 2003 Service Pack 3 (Important)
  • Microsoft Office Outlook 2007 Service Pack 1 (Important)
  • Microsoft Office Outlook 2007 Service Pack 2 (Important)
    Top Comments
  • Teen Geek: "Microsoft is quick. How long does Apple take to issue a security patch?"

    There are no security patches because the OS is 100% secure. If your computer is infected, you shouldn't have downloaded that virus/visited that website/inserted that thumbdrive/connected to the internet/plugged in your mac/held it that way.

    Duh.
    15
  • Other Comments
  • Microsoft is quick. How long does Apple take to issue a security patch?
    1
  • On another note, I think it was a pretty dick move to release an exploit because Microsoft didn't tell you when a patch was coming out. I'm guessing they didn't know what the problem was to patch it. I'm not sure how releasing the flaw to the public will help the millions of Windows users who could have been affected. I mean, did he at least include his own security solution, or did he Rush-Limbaugh the job and just complain about how someone else was doing it wrong, and not offering any of his own suggestions?
    0