August 07, 2008, 4:30 PM — August will be a big month for Microsoft security patches, as the company said it plans to release 12 updates, seven of them critical, on Patch Tuesday next week.
The critical patches affect Windows, Internet Explorer, Access, Windows Media Player and Microsoft Office. Updates for Office, which has kept Microsoft busy with security updates lately, include individual patches for PowerPoint and Excel.
Microsoft also will release five patches rated important, four of which affect Windows and one of which affects Office. Two of the Windows patches also affect other software -- one is for Outlook Express and Windows Mail, and the other affects Windows Messenger.
Older versions of Windows are mainly affected by the critical patches, including Windows 2000, Windows XP and Windows Server 2003. Microsoft tends to rate patches for older versions of its software more critical than newer versions.
The latest version of the Windows client OS, Windows Vista, will get two important patches; however, Internet Explorer 7 and Windows Media Player 11, which run on Vista, will get one critical patch each.
Patch Tuesday, the second Tuesday of every month when Microsoft releases its security updates, has had a light load for the past couple of months, with Microsoft releasing five critical patches in July and three in June.
More information about Tuesday's updates can be found on Microsoft's Web site.
Microsoft has been giving users and security researchers a glimpse of security updates each Thursday before the Tuesday monthly patch releases. In October, it will begin giving security vendors even earlier access to technical details of monthly security patches before the software updates are released.
The company's goal with the new initiative, called the Microsoft Active Protections Program (MAPP), is to give the companies that write attack-blocking code a cushion as they write and test their security software, Microsoft said this week.
To qualify for the program, companies must sell commercial Windows security products and have a large customer base. Sellers of attack-based penetration testing tools are not invited to join the program, Microsoft said.