Critical update due for Microsoft’s Patch Tuesday


6 Mar 2009

One critical update and two others labelled as ‘important’ (the second most serious on the severity rating) are due for release on 10 March, which is otherwise known as Microsoft’s Patch Tuesday.

The critical update – available on Tuesday from the Microsoft Download Centre – is to patch a vulnerability that could allow hackers to remotely infect a target computer with malicious code execution.

The remaining two fixes will counteract what Microsoft labels as ‘spoofing’ attacks. A spoofing attack, Microsoft said, is “designed to look like the legitimate site, sometimes using components from the legitimate site. The best way to verify whether you are at a spoofed site is to verify the certificate.”

These updates will affect those using Windows 2000, XP, Vista, and both Windows Server 2003 and 2008.

One bug that will not be fixed by these three updates is a potentially serious vulnerability in Microsoft’s Office Excel.

Although Microsoft acknowledged this on 24 February, saying that “Excel that could allow remote code execution if a user opens a specially crafted Excel file”, presumably the fix will not be ready and fully tested for this month’s Patch Tuesday.

By Marie Boran