Microsoft's "Patch Tuesdays" are unlikely to be the same starting in October, when the company will shift to a more consultative approach with third party vendors to its regular security update process. But the company created something of a bang on August 12th with six critical and five important patches. Critical vulnerabilities are those that could render the user's PC susceptible for a remote takeover by hackers.
Microsoft's August security bulletin covers critical vulnerabilities covering Microsoft Access 2003 (MS01-041) and Word 2003 (MS08-42), plus Excel 2000 (MS08-043) and Internet Explorer (MS080-045), our sister site, AccountingWEB.co.uk, reports.
The final critical vulnerability affects the Microsoft Image Color Management system for Windows 2000, Windows XP, and Windows Server 2003 (MS08-046). Security experts such as McAfee report that some of these weak points are being targeted in the wild.
As Stewart Twynham explained last year, Patch Tuesdays are inconvenient, but quick application of the patches is recommended to keep your systems secure.
But come October, the great unveiling of the monthly will become less dramatic, as Microsoft has set out plans for the Microsoft Active Protections Program (MAPP) that will share vulnerability details under non-disclosure terms with a community of Microsoft partners. The idea is that these partners will be able to patch their own products against the vulnerabilities before Microsoft officially announces their existence.
The shift has come about partly because Microsoft feared the Patch Tuesday rigmarole was perpetuating security fears and giving hackers a window during which they could try to exploit vulnerabilities before users and developers applied the published patches.
A new Microsoft Security Research Center Ecosystem Strategy blog details the new arrangements, which include a monthly "exploitability index" to identify the most dangerous threats and a community-based approach to sharing information with trusted MAPP partners each month.