• silicon.com
• Technology
• Security

By silicon.com, 11 October 2006 09:20

NEWS

Microsoft on Tuesday released a slew of patches for Windows and Office but a glitch prevented the company from pushing the updates out automatically.

The patches, which include critical fixes for both Office and Windows, can be manually downloaded from Microsoft's website, and the company said its technical teams "have been working around the clock" to solve the updating problems.

The software maker said: "Due to technical difficulties experienced on the Microsoft Update platform, security updates released today are not currently available via Microsoft Update, Automatic Updates, Windows Server Update Services or Windows Update v6."

Microsoft had said last week to expect 11 patches. However, a representative for the software maker said on Tuesday a planned critical Windows patch "did not meet the quality bar" and so was not issued.

Tuesday's 10 security bulletins, which include six critical fixes for both Office and Windows, are designed to address more than two dozen flaws in Microsoft's software - the largest bunch so far this year, said one security company.

Jonathan Bitle, manager of technical accounts at Qualys, said: "Although there are only 10 patches, they address 26 vulnerabilities and it's the largest release for Microsoft this year. This could be overwhelming for IT managers because they'll have to navigate what to patch and which to patch first."

The second-largest release was in August, when Microsoft's 12 patches put right 23 flaws.

Antivirus company Symantec said the updates include patches for Office flaws for which exploit code already exists, including an Excel vulnerability that surfaced in July and a Word exploit that emerged last month.

Symantec security response director, Oliver Friedrichs, said in a statement: "The quantity of Microsoft Office vulnerabilities this month illustrates this emerging attacker focus, and users should consider the installation of these patches to be a critical component of a smart security strategy."

IT administrators may want to work particularly quickly in deploying three of the patches - MS06-057, MS06-058 and MS06-060 - Qualys' Bitle said.

Microsoft also noted it expects to release Windows Internet Explorer 7 later this month, with the browser update scheduled to be delivered shortly thereafter via Windows Update and Automatic Update.

The company said it is providing a blocker tool that will allow businesses to prevent their computers from receiving the new browser. Businesses that don't want IE 7 should have the blocking tool in place by 1 November, Microsoft said.

Ina Fried and Dawn Kawamoto write for CNET News.com