Windows systems administrators will get a handful of patches by Microsoft as part of its scheduled April 11 security update.
In all, the software maker said it is planning to address four Windows security glitches rated as critical, the company’s highest severity rating, while it will also distribute a patch to fix a moderate security risk present in both Windows and its Microsoft Office desktop software.
Among the critical flaws, Microsoft said that one of the patches will be a cumulative Internet Explorer update meant to address the widely publicized CreateTextRange vulnerability in the browser.
Several of the updates will require patched systems to be restarted to solve the issues completely and will be detectable using the firm’s Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
The software giant said that it will release an updated version of its Microsoft Windows Malicious Software Removal Tool via Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
The anti-malware tool will not be made available using the company’s SUS (Software Update Services).
Microsoft said it would also distribute one non-security high-priority update on its Microsoft Update and Windows Server Update Services, but offered no further details of what that release might involve.
eEye Digital, which maintains a Web page with upcoming security advisories currently lists only one unpatched hole in Microsoft products, a denial-of-service vulnerability ranked with medium severity that affects Windows 2000, Windows XP and Windows 2003.
Microsoft officials offered a rare peek into their battle to fight Windows threats earlier this week, recommending that many businesses should consider buying degaussing technologies to wipe computer hard drives clean when they reinstall operating systems in order to recover from malware attacks.
Company officials said that rootkits that use cloak malware programs and maintain an undetectable presence on infected machines have increased in popularity among spyware writers.
Based on the way many of these pieces of code are built, said Microsoft, it may be impossible for IT workers to determine whether or not such rootkits have been fully removed from an infected system.
Check out eWEEK.com’s for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.