Microsoft Schedules Eight Bug Fixes Next Week

In the advance notification posted Thursday, Microsoft announced it would issue three updates for Windows, three for its Office productivity suite, one that affects both Windows and Office, and another that impacts both Windows and the Visual Studio development platform. At least two of the updates will be labeled "critical," Microsoft's highest warning.

As is its practice, Microsoft did not disclose details of the updates, but only offered clues about what it plans to fix. Some hints, however, can be gleaned from third-party security vendors that track zero-day, or unpatched, vulnerabilities.

According to eEye Digital Security's Zero-Day Tracker, three bugs in Microsoft Word and one in PowerPoint remain unpatched, while two more in Windows and another in Internet Explorer need fixing. One of the Windows zero-days was acknowledged by Microsoft only on Dec. 22, and affects all supported editions of Windows, including the not-yet-released-to-retail Windows Vista. It's possible that a fix for this MessageBox bug may be among the updates released Jan. 9.

A rival list of missing patches kept by the SANS Institute's Internet Storm Center organization shows 10 Microsoft bugs outstanding.

The updates will be available for manual download from the Microsoft Web site Tuesday at about 10 a.m. PDT. As usual, automatic updates to users' computers will begin shortly after that.