Microsoft to release three on Superpatch Tuesday (10Th Aug 2005)

As part of its monthly patching cycle, Microsoft plans to release three security alerts on Tuesday for flaws in Windows and Office. Two of the security bulletins apply to Windows, and at least one of them is deemed "critical", Microsoft's highest risk rating, the company said in a notice posted on its website on Thursday. Its Office productivity suite will get one bulletin, also rated critical.

The notice did not specify whether one of the patches will be for Internet Explorer. Microsoft earlier this week offered a workaround for a known flaw in the web browser that opens the door for intruders to crash IE and run arbitrary code.

Microsoft said it will also issue a "high-priority" update for Office that is unrelated to security on Tuesday. In addition, that day is tagged for the release of an updated version of the Windows Malicious Software Removal Tool, which detects and removes malicious code placed on computers, the company said.

The company gave no further information on Thursday's bulletins, other than stating that some of the Windows fixes will require restarting the computer, as may the Office update.

Re: Microsoft to release three on Superpatch Tuesday

Microsoft has just posted their Superpatch security patch bulletin for August. Update: Microsoft has just pulled several of the patch downloads from their site pending a re-release.

Here's a brief summary of the "critical" and "important" level vulnerabilities as last seen before they disappeared:
MS05-038: Cumulative Security Update for Internet Explorer (896727) Critical
Vulnerabilities exist in Internet Explorer, the most severe of these could allow an attacker to take complete control of an affected system.

MS05-039: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) Critical
A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

MS05-043: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) Critical
A vulnerability exists in the Print Spooler service that could allow remote code execution.

MS05-040: Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) Important
A vulnerability exits in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution.