Microsoft Plans Massive Patch Tuesday Security Update

Microsoft is planning to fix 26 vulnerabilities for February's Patch Tuesday. Most of the vulnerabilities are related to Windows.

Microsoft is planning to release 13 security bulletins Feb. 9 as part of this month's Patch Tuesday.

Five of the 13 bulletins are rated critical, seven are rated important and one is rated moderate. All but two of the bulletins address security issues in Windows, with the other two dealing with issues in Microsoft Office. All told, the updates address 26 vulnerabilities.

Exact details for most of the bugs were not made public. However, Microsoft said it plans to patch an escalation-of-privilege issue in the Windows kernel that it warned users about in January. Among the vulnerabilities not being addressed this month are an Internet Explorer bug the company issued an advisory about on Feb. 3 and a vulnerability in the SMB (Server Message Block) protocol Microsoft is still working to address.

Four of the bulletins were given the highest deployment priority rating of one.

"Thirteen bulletins make this the busiest February we've seen from Microsoft, with only four last year and an average of 11 to 12 in the three years prior," noted Sheldon Malm, senior director of security strategy at Rapid7.

"None of the operating systems escaped this month's updates. Even the latest versions of Windows have been hit hard this month, with six updates for Vista, eight for Server 2008, and five for Server 2008 R2 and Windows 7. I won't be surprised if Microsoft is playing catch-up on some lingering vulnerabilities from last year."