Microsoft to Patch Just 1 Critical Vulnerability in Vista SP1 and XP SP3

Microsoft plans to patch a single critical vulnerability impacting Windows Vista Service Pack 1 and Windows XP Service Pack 3 next week. The update will be released as an integral part of the company's monthly patch cycle scheduled for release on November 11, 2008. It will be an easy month for Microsoft, as the company will plug just one additional security vulnerability, compared to October, when the Redmond giant issued no less than 11 patches.

“As part of our regularly scheduled bulletin release, we’re currently planning to release two security bulletins, one Microsoft Security Bulletin affecting Microsoft Windows/Microsoft Office rated as Critical, and one affecting Windows rated as Important,” revealed Bill Sisk, Microsoft Security Response Center Communications Manager.

Also in October, on top of the 11 security updates made available, Microsoft also delivered an out-of-band patch MS08-067, rushing to resolve a security issue with the Server Service which was actively exploited by malware in the wild. According to the company, the Critical flaw which will be fixed next week affects the Microsoft XML Core Services, versions 3.0, 4.0 and 6.0 in Windows 2000, Windows Server 2003, Windows XP, Windows Vista and Windows Server 2008.

The security flaw considered Critical by Microsoft impacts not just Windows client and server releases, but also the Office system, with examples such as Office 2003 SP3 and Office 2007 SP1. The remaining vulnerability, labeled with a severity rating of Important, affects only the Windows platform, also including Vista SP1 and XP SP3, but Microsoft offered no additional information related to this vulnerability.

“We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS),” Sisk added.