Microsoft offered some advance notification Thursday that it would unveil five security bulletins on Tuesday, April 11, among them a fix for the Internet Explorer vulnerability that has been exploited for weeks.
Four of the five will affect Windows, and at least one will be tagged "critical," Microsoft's highest-level warning. The fifth will resolve an issue in Microsoft Office that the Redmond, Wash. developer has judged as a "moderate" problem.
At the same time, the company also will roll out a refreshed edition of its malware cleaning utility, Windows Malicious Software Removal Tool.
One of the Windows quartet will patch the "createTextRange" vulnerability that was first disclosed two weeks ago, and which has been used by attackers to plant spyware, adware, keyloggers, and Trojan horses on duped IE users.
At one time, some security experts expected Microsoft would release the IE patch early, or "out-of-cycle." It appears not.
"One of the Windows bulletins will be the cumulative Internet Explorer update that will address the 'CreateTextRange' vulnerability," said Stephen Toulouse, program manager at Microsoft's Security Response Center, on the MSRC's blog. "Our test and engineering plan for that update that we began two weeks ago is on track to have that update ready for Tuesday…[and] the IE team is still hard at work."
As is its practice, Microsoft gave no details about the bugs, bulletins, or fixes in the advance notification posted mid-day Thursday.
April's security bulletins will be available for manual download from the Microsoft website, and will be pushed to users via the company's automated update services and programs, which include Microsoft Update, Windows Update, Windows Server Update Services, and Software Update Services.
Last month, Microsoft provided only two patches. As of next week, Microsoft will have filed 17 bulletins, 6 fewer than at the same time last year.
UKFast is not responsible for the content of external Internet sites.