In a rare announcement last Friday, Microsoft said it would be releasing security updates on Tuesday July 28th–outside of its monthly patch cycle–for a critical vulnerability in Internet Explorer and a moderate vulnerability in Visual Studio.
The two security bulletins will address one overall issue and are being released separately “to provide the broadest protections possible to customers,” Microsoft said in a statement.
The vulnerabilities affect Windows 2000, Windows XP, Vista, Windows Server 2003 and 2008, Internet Explorer 6, 7 and 8, Microsoft Visual Studio .NET 2003, Visual Studio 2005 and 2008 and Visual C++ 2005 and 2008, according to the security bulletin advance notification available here:
http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx
“While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications,” the statement said. “The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin.”
“The Internet Explorer update will also address vulnerabilities rated as critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported,” Microsoft said.
Customers who are current with their security updates are protected from known attacks related to these updates. The updates will be released through the Microsoft Update, Windows Update, and Windows Server Update services.
Webcasts to address customer questions are currently scheduled to be held on Tuesday at 1 p.m. and 4 p.m. PDT. If you want to take advantage of either webcast, go to the link below to pre-register.
http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx
If you miss a live webcast, they will be available afterwards to view on demand.
Microsoft typically releases security patches on a monthly basis, the second Tuesday of every month, and did not say why it is making this rare, out-of-band release. We can only assume that these security holes are serious enough to cause big problems if not patched immediately.
Let’s wait and see what happens over the next few weeks because there are always end users, who for whatever reason, do not install the critical updates and are adversely affected by an attack of some kind.
