Microsoft Cooking Critical Patch for Vista SP1 and XP SP3

Microsoft plans to release a total of three security bulletins come next week, all focused exclusively on the Windows client and server operating systems. The Redmond company revealed that the latest Windows releases were impacted, including Windows Vista Service Pack 1 and Windows XP Service Pack 3, but failed to provide any indication that would point out to Windows 7 Beta and post-Beta also being affected by the security updates, and the vulnerabilities they are designed to patch. Out of the three patch packages only one is considered as posing the highest level of risk to end users.

“Next week’s bulletin release [is] scheduled for Tuesday, March 10, 2009 around 10 a.m. Pacific Standard Time. As part of this month’s security bulletin release process, we will issue three security bulletins – one rated ‘Critical’ and two rated ‘Important’ – to address vulnerabilities in Microsoft Windows. Depending on the bulletin, a restart may be required. The updates will be detectable using the Microsoft Baseline Security Analyzer. As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated,” revealed Bill Sisk, Microsoft Security Response Center Communications manager.

Two of the security bulletins, one Critical and one Important, are designed to patch vulnerabilities in all supported versions of Windows including Vista SP1, XP SP3, Windows Server 2008 and Windows Server 2003. The remaining security bulletin, labeled with a severity rating of Important, will resolve security issues in supported Windows server releases.

Next week, Microsoft will skip plugging a Critical zero-day security hole in Microsoft Office Excel, affecting the 2007 release of the program, which is being actively exploited in the wild. In February 2009, Microsoft confirmed not only the existence of the flaw, but also the existence of attacks targeting the 0-day vulnerability. The Redmond company informed that the Excel issue could allow for remote code execution if a malicious Excel document is executed on a vulnerable machine.