Microsoft to Release Seven Patches including a DNS Fix, Next Week

Patch Tuesday fixes Seven Patch Tuesday fixes will be released next week, which include one for the vulnerability in Windows Server 2000 and 2003 DNS Service, announced Microsoft today.

On the Microsoft Security Response Center Blog, Christopher Budd, security program manager maintained that the software Goliath has encountered no new attacks on the DNS flaw, but it is slated to be fixed.

“The listing of updates slated for Tuesday does include the update we’ve been working on for this issue,” he said, referring to the DNS flaw.

Microsoft gave a maximum severity rating of ‘critical’ to each of the seven flaws.

The release will contain two patches for Windows, three for Office, one for Exchange and one for CAPICOM and BizTalk, according to the advance notification announced by Microsoft today.

Further more, as part of the release; Microsoft will also release an updated version of the Malicious Software Removal Tool, and seven high-priority non-security updates.

Budd has some time back stated that he was extremely certain about the patch releasing on schedule.

Public exploits, including a Metasploit module, were released last month for the flaw, but researchers said attacks were rare because the DNS server is generally not public facing. Intranets are the greatest risk of exploitation.

Researchers also attributed Microsoft for offering easy-to-use workarounds for administrators to protect their networks.

In addition, the software giant is also keeping a close watch on a hacker called shinnai, who started the Month of ActiveX Bugs project this week, revealing exploitable flaws affecting OCX controls in Microsoft Office.

Tuesday’s updates are expected to be available for manual download from the Microsoft website at about 1 p.m. PDT.