Windows Users Brace for MS Patch Tuesday Barrage

 
 
By Ryan Naraine  |  Posted 2008-02-07
 
 
 

After a relatively light Patch Tuesday load in January, Windows administrators are bracing for a barrage of security updates from Microsoft.

According to the software maker's advance notice mechanism, there are 12 bulletins slated for release Feb. 12. Seven of the 12 will be rated "critical," Microsoft's highest severity rating.

Four of the seven critical bulletins will contain fixes for code execution holes in Microsoft Office, the company's flagship desktop productivity suite.

These fixes will most likely cover known -- and already exploited  -- zero-day flaws affecting Microsoft Excel. Microsoft has already issued a pre-patch advisory regarding the Excel attacks, so it is a safe bet that the February Patch Batch will cover holes in Excel 2000, Excel 2002, Excel 2003 and Excel 2004 for Mac.

The widely deployed Internet Explorer browser is also getting a cumulative update to fix holes that could cause drive-by malware installation attacks.

High-risk bulletins are also slated for users of the Windows operating system, VBScript and JScript.

In addition to the critical bulletins, Microsoft also gave notice on five "important" updates covering holes in Windows, Active Directory, ADAM, ISS and the Office Works suite.

Some of the "important" bulletins provide fixes for code execution, privilege escalation and denial-of-service vulnerabilities.

Four of the seven bulletins will contain patches for Windows Vista, Microsoft's newest operating system.

As is customary, Microsoft will release an updated version of the MSRT (Malicious Software Removal Tool) to add detections for new strains for bots, Trojans and viruses.

Rocket Fuel