Microsoft last week said it will release only two security updates on Tuesday -- down from the 11 issued in October's mammoth Patch Tuesday -- to fix bugs in Windows and Office.

One of the two will be rated "critical," Microsoft's highest threat ranking, while the other will be tagged as "important," the next-lowest rating. Both of the updates will address vulnerabilities that can be used to execute remote code, a description that generally means hackers could leverage the bugs in order to plant their own malicious code on vulnerable PCs, often by convincing users to open a file attachment or tricking them into visiting a rogue Web site.

The most serious of the pair targets one or more flaws in Microsoft XML Core Services, and will require patching all still-supported editions of Windows -- including Windows 2000 , XP, Vista , Server 2003 and Server 2008 -- as well as Office 2003 , Office 2007, SharePoint Server 2007 and Groove Server 2007.

XML Core Services has been patched twice in the past, most recently in August 2007 as part of a 14-fix package that ranked among the biggest that year. XML Core Services is the component that provides interoperability between several scripting languages, including JScript, Visual Studio and XML applications, and lets developers use those languages to access XML documents.

Another flaw in the service was addressed in November 2006 , when Microsoft patched a bug that had been actively exploited before the fix was issued.


More: http://www.pcworld.com/article/153545/article.html?tk=nl_dnxnws