Microsoft To Fix Six Flaws Next Week

In the advance notification posted mid-morning Thursday, Microsoft announced it would roll out five updates for Windows and one that targets Visual Studio, one of the company's development platforms. At least two of the updates will be labeled "critical," Microsoft's highest warning.

Microsoft doesn't disclose the exact components, services, or applications to be patched prior to delivering the updates on the second Tuesday of each month, but only offers clues about what it plans to fix. Some hints can be gleaned from third-party security vendors that track zero-day, or unpatched, vulnerabilities.

eEye Digital Security's new Zero-Day Tracker site, for instance, lists a flaw in Visual Studio 2005 that was first disclosed 37 days ago on Oct. 31. Microsoft posted a security advisory outlining the problem that same day.

eEye also lists several other outstanding Windows vulnerabilities, any of which may be the subject of a Tuesday update. Among them is a 41-day-old critical flaw in Internet Explorer, a 37-day-old bug in the Internet Connection Sharing service, and a 15-day-old vulnerability in Windows Media Player. An unpatched bug in Microsoft Word that's being exploited by attackers will probably not make the cut next week.

The six bulletins expected Tuesday will put the year's total at 77, five more than the previous record of 72 set in 2002.

The updates will be available for manual download from the Microsoft Web site on Tuesday, Dec. 12, at about 10 a.m. PDT. As usual, automatic updates to users' computers will begin shortly after that.