Microsoft will release patches to cover 22 security vulnerabilities next week.
Microsoft may have started 2011 slowly
in regards to Patch Tuesday fixes, but this month will be the exact opposite.
Next week, Microsoft plans to release 12 security bulletins,
including three that are rated "Critical." All totaled, the bulletins
will address 22 vulnerabilities spanning Windows, Internet Explorer,
Microsoft Office, Visual Studio and IIS.
"As part of this month's update
, we'll be addressing issues related to two recent Security Advisories, 2490606
(a public vulnerability affecting the Windows Graphics Rendering Engine) and 2488013
(a public vulnerability affecting Internet Explorer)," blogged Angela
Gunn, security response communications manager for Microsoft
Trustworthy Computing. "Additionally, we will be addressing an issue
affecting FTP service in IIS 7.0 and 7.5."
Microsoft warned users about the Windows Graphics Rendering Engine flaw
January after exploit code for the bug was made public. The
vulnerability is caused by the engine improperly parsing a
specially crafted thumbnail image, resulting in a stack overflow, the
company explained in its advisory. In order to exploit the
vulnerability, an attacker must convince a user to visit a malicious
Web page or open a Word or PowerPoint file containing a malicious
The Internet Explorer vulnerability mentioned in advisory 2488013
exists due to the creation of uninitialized memory during a CSS
(cascading style sheet) function within Internet Explorer. The company
issued the advisory for that flaw in December, and has seen limited,
targeted attacks focused on the vulnerability.
In addition to the three critical bulletins are nine others rated as
"Important." The bulletins are slated to be released Feb. 8.