Microsoft Windows, Office Security Fixes Prepped for Patch Tuesday

Microsoft is planning to release two security updates next week for Patch Tuesday to address eight vulnerabilities. The company also reminded users it is terminating support in the coming months for certain versions of Windows.

Microsoft is preparing to release two security updates next week to cover eight security holes in Windows and Microsoft Office.

According to Microsoft, both the bulletins will be rated "important," the second highest rating the company gives to its updates. The first affects Windows XP, Vista and Windows 7 systems. The second bulletin deals with problems in Excel 2002, Excel 2003 and Excel 2007 on Windows, as well as Excel 2004 and Excel 2008 on the Mac. The second bulletin also impacts versions of SharePoint Server, Excel Viewer and the Open X M L File Format Converter for Mac.

The small number of updates is a significant change from last month, when the company released a total of 13 security updates for 26 vulnerabilities. Since neither of the bulletins are critical, administrators have something of a breather when it comes to installation, Qualys CTO Wolfgang Kandek said in an e-mail to eWEEK.

"The lower criticality ratings allow IT admins more time to address these March bulletins," Kandek said. "It is likely that the Office vulnerabilities should be handled first, as file format vulnerabilities in general have been on the rise in the last year and end users frequently trust open office format files such as Excel due to their business-oriented, serious nature."

The updates are scheduled to go out March 9. Not on deck to be fixed next week is a vulnerability involving how VBScript interacts with Windows Help files in Internet Explorer the company warned users about March 1, and which Microsoft Senior Security Communications Manager Lead Jerry Bryant said the company is continuing to monitor.

"There are no known attacks, but we encourage customers to review the advisory and apply the suggested workarounds where possible," he blogged. "Customers that are running Windows 7, Windows Server 2008, Windows Server 2008 R2 and Windows Vista are not affected."

As part of the advanced notification, the company also took the time to remind users that several versions of the Windows operating system will soon no longer be receiving security updates, and urged users to begin the upgrade process. Here are the dates and the Windows versions involved:

  • Windows XP Service Pack 2 will not be supported after July 13, 2010. Customers are urged to upgrade to Service Pack 3 or to Windows 7.
  • Windows Vista RTM will no longer be supported after April 13, 2010. However, Service Pack 1 will still be supported until July 12, 2011. Microsoft recommends customers update to Service Pack 2 or Windows 7.
  • Extended support for Windows 2000 will end July 13, 2010. After that time, Microsoft will no longer provide security or any other updates for Windows 2000.