Microsoft Plans Two Security Updates, One 'Critical'

Microsoft on Thursday said in a security bulletin that it plans to release on its January 11 "Patch Tuesday" two security updates, one rated critical and the other important.

Both updates will likely require users to restart their systems, Microsoft said.

Microsoft defines critical vulnerabilities as those which "could allow the propagation of an Internet worm without user action."

In this case, the patch identified as critical applies to Windows XP, Windows Vista, and Windows 7. It is ranked important for Windows Server 2003 and Windows Server 2008.

The second patch is ranked important, but only applies to Windows Vista.

Microsoft said it also plans to release an updated version of its Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

The planned issuing of two security patches is a considerably smaller release than the December 14 "Patch Tuesday" action when Microsoft issued 17 patches to fix 40 security flaws. Of the 17 patches, two were ranked critical, including one that fixed a zero-day flaw in IE 6, 7 and 8 already used in active attacks. That was Microsoft's largest patch release to date.