Microsoft Patch Day: Critical WMP, Windows Fixes on Tap

Microsoft plans to release seven security bulletins, at least two of which will be rated critical. Flaws in Windows Media Player, Microsoft Office and the Windows OS will be addressed.

Microsofts security response center wont be playing Cupid this Valentines Day.

On Feb. 14, the Redmond, Wash.-based software plans to release seven security bulletins with patches for multiple software vulnerabilities, at least two of which will be rated critical, the companys highest severity rating.

One of the critical bulletins will address remote exploitable code execution issues in WMP (Windows Media Player), one of Microsofts most widely deployed products.

Four of the seven bulletins apply to fixes for the Windows operating system, and at least one of those will carry the "critical" rating, Microsoft announced in its advance notice mechanism.

As is customary, the MSRC isnt providing any details until next Tuesday, when the bulletins are posted.

Enterprise IT administrators are also urged to start planning for patch deployment around the Microsoft Office productivity suite.

Two bulletins will address vulnerabilities in the desktop productivity suite that includes the ubiquitous Word, Excel, Outlook and PowerPoint programs.

/zimages/6/28571.gifClick here to read more about Microsofts confirmation of a new IE/WMF vulnerability.

The maximum severity rating on the Microsoft Office flaws is "important," which applies to a vulnerability that can be exploited to compromise the confidentiality, integrity or availability of data. It also applies to flaws that can lead to denial-of-service conditions.

According to a long list of unpatched flaws maintained by eEye Digital Security, there are five overdue issues that have not yet been addressed by Microsoft.

They include a high-risk code execution hole in default installations of Internet Explorer and Outlook that was reported to Microsoft about 250 days ago.

/zimages/6/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Microsoft typically includes IE patches under the Windows umbrella, so its likely that a cumulative browser patch will be coming in the February batch of updates.

Another eEye-discovered code execution hole affecting Windows 2000, Windows XP and Windows 2003 users is also more than 167 days overdue.

On Feb. 14, Microsoft will ship an update to its malicious software removal tool to add detections for new worms and viruses detected over the last month.

Updated signatures to catch infections from the recent Kama Sutra (Blackworm) attack will be included, the company said.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.