Patch Tuesday to Address XP Help Bug, Plus Vital Win7 Fixes

Dennis Faas's picture

Microsoft will next week unveil a series of security bulletins meant to address five security flaws. The fixes are part of the company's monthly Patch Tuesday release, and will most importantly fix a critical Windows XP Help Bug flaw in Windows' Help and Support Center.

The series of fixes include four patches for the five vulnerabilities, three of which have been dubbed "critical" by Microsoft -- the company's highest level of alert. Each of these critical issues involve holes that, if exploited, could allow a hacker to launch a remote code execution attack upon an unsuspecting user's PC.

Extraordinary Patch Tuesday Offers Vital Win7 Fixes

Although most Patch Tuesdays are deemed important events, security experts are calling this release particularly vital for IT departments. "Bulletin 2 will have a huge impact as it affects Windows 7 desktop users and Windows 2008 R2 servers, which are Microsoft's most current and widely deployed desktop and server solutions," noted security firm Lumension's Don Leatham. (Source:

"IT departments with Windows 7 and/or Windows 2008 R2 should be ready to prioritize this bulletin."

The fourth patch addresses a slightly less concerning issue rated "important." It involves a bug afflicting Microsoft Office which, if exploited, could allow hackers to install malware from a remote location.

Google Controversy Nearing End With Fix

Of course, the patch that will receive the most attention is the one addressing a Windows Help and Support Center flaw affecting users of Windows XP and Windows Server 2003. Originally reported by Google engineer Tavis Ormandy, the flaw drew media attention because Ormandy offered Microsoft just four days to address the issue before making it public.

Microsoft didn't care for his approach, but some security experts credit Ormandy for forcing the Redmond-based firm to act quickly on the issue. (Source:

Remaining unaddressed for several weeks now, the Help and Support Center flaw could allow a hacker to launch an attack via malicious web page or infected link embedded in an email.

Rate this article: 
No votes yet