Microsoft announced today that it will provide 4 security updates next week to patch 5 security vulnerabilities in Windows and Office, including an error that Google took public research worker a month ago.
Since expected, the slate for next Tuesday, relatively short, Microsoft has sold alternating small and large series of patches, updates with the largest amphibious assault in months pairs. In June, for example, gave the company 10 ballots that patched 34 cases linking security vulnerabilities. collection in May, meanwhile, totaled only two newsletters fixed two errors.
"This month is the light, and would have been even easier if Tavis had not forced that [they move faster than their standard patch his] vulnerability," said Wolfgang Kandeke, CTO of Qualys.
Kandeke was Tavis Ormandy, Google Security Engineer allows the attack code in early June, published figures for an error in Windows XP Help and Support Center, a feature that allows users to access and download files from related assistance from Microsoft's web, and can begin to be used by technical support remote support tools on a local PC. The error, Microsoft announced today, also affects Windows Server 2003.
Ormandy was the center of controversy since he publicly announced the vulnerability five days after notice when he said, Microsoft would not commit to patch a time.
While some researchers have criticized the security Ormandy for admission of error in public, others rose to his defense, blasting Microsoft and the press - including the world's computers - to connect Ormandy his employer, Google.
used last week a group of anonymous researchers who rejected the Microsoft Research group (AMSC) - an allusion to the short cut through the team-team Microsoft bug investigation - has responded by publishing information on a vulnerability unpatched security in Windows Vista and the server called the 2008th Group released its report errors because of what they said Microsoft was "hostility towards security researchers," and cited the incident the latest example Ormandy.
"It shows that Microsoft can move quickly when necessary, said the speed of clogging Kandeke Microsoft.
According to Jerry Bryant, a group with Microsoft Security Response Center, the company was ahead of their investigation when Ormandy went public. Ormandy contacted Microsoft on June 5, and two days later, Bryant said, Microsoft told him he could not speak a calendar patch by the end of the week.
"We were in the early stages of the investigation, when information was released on June 9 issue," Bryant said in an e-mail Thursday. "At the end of this week to try our plan summer, and slide it into [August, the release cycle, but] we are accelerating our efforts if the risk to customers increased by active attacks. "
Hackers create vulnerability to run faster, attacks, five days after the error has been made public Ormandy. Last week, said she had 15th attacks Microsoft bug acts assistance against more than 10,000 computers since June persecuted.
Bryant also the fact that the credit Ormandy bug that two versions of Windows can hit to release a patch in five weeks.
Microsoft month pre-registration described next week update: Three of the four updates are considered "critical", the company will be the highest threat ranking, while the fourth will also one day "important", the next step down.
Even a patch to another bug is already recognized in the 64-bit versions of Windows 7 and Windows Server 2008 R2. Microsoft has confirmed that the errors in mid-May
The two updates of Windows is designed to be crucial when an update for Office will also be essential, the other equally important. The Office updates plug holes in Access and Outlook, database facilities and mail clients, or.
Tuesday is the last update for Windows 2000 and Windows XP Service Pack 2 (SP2) be, both of which will support security that day in retirement.
Microsoft is the four updates at approximately 1:00 ET release July 13.
