[ISN] Microsoft To Release Just One Patch Tuesday

[InfoSec News]

http://www.informationweek.com/story/showArticle.jhtml?articleID=173403261

By Gregg Keizer 
TechWeb News 
November 4, 2005

Microsoft will release one critical security bulletin next Tuesday,
Nov. 8, in its monthly patch program, the company said Thursday.  

The bulletin, which by Microsoft's numbering system will be dubbed
"MS05-053," affects Windows, said the developer's advance notification
posted [1] on the Microsoft site.

"The maximum total severity rating for this month is Critical, so
please update systems as soon as possible when the bulletin is
available this coming Tuesday," wrote Stephen Toulouse, the head of
Microsoft's Security Response Center (MSRC), on the group's blog
Thursday.

Other than that, Microsoft was mum, but according to vulnerability
researchers at eEye Digital Security, there are currently at least
eight flaws in Windows that have not been fixed, including ones
reported to the Redmond, Wash.-based developer as long ago as March
29, 2005.

Microsoft also said that on Tuesday it would release a pair of
high-priority, but non-security-related updates to Windows, as well as
reissue its Windows Malicious Software Removal Tool.

If November's patch schedule goes according to plan, it will be a
dramatic drop-off from the nine security bulletins rolled out in
October; those bulletins fixed a total of 14 vulnerabilities.

It might also give MSRC a chance to catch its breath. Since the
October bulletins' release, the security center has notified users
that one patch broke some Web sites when viewed with Internet
Explorer, clarified one Windows 2000 patch, and explained why another
was buggy.

As is usual, Microsoft will host a follow-up Webcast next week, Nov.  
9, to answer questions about the fixes.

[1] http://www.microsoft.com/technet/security/bulletin/advance.mspx