November 9, 2006 12:31 PM PST

Microsoft to patch zero-day XML flaw

Microsoft on Tuesday plans to issue six security bulletins, including at least one with a fix for a security vulnerability that is actively being used in cyberattacks.

As part of its monthly patching cycle, Microsoft will release a bulletin with a "critical" fix for a security hole in its XML Core Services software, the company said in a note on its Web site Thursday. The vulnerability is a so-called zero-day flaw that's already being exploited for attacks.

The other five security bulletins will deliver updates for Windows, some of which will be rated "critical," Microsoft said. Security companies are tracking several flaws in the operating system and in its Web browser component, Internet Explorer, that have yet to be put right.

Microsoft did not specify how many vulnerabilities in total its security updates will tackle, or say which components of Windows are being repaired. Additionally, the company appears to have no patch ready for a flaw in Visual Studio 2005, which is also already being used in attacks.

Last month, the software maker delivered 10 security bulletins, six of which were deemed "critical," the company's most serious risk rating. Critical vulnerabilities typically can allow a worm to spread or allow a Windows system to be fully compromised with minor or no interaction from the person using it.

Also on Tuesday, Microsoft will release an updated version of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers.

The company gave no further information on the upcoming bulletins, other than stating that the fixes may require restarting the computer or server.

See more CNET content tagged:
flaw, XML, security, Microsoft Corp., Microsoft Windows

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.