March 05, 2010

Microsoft readies two patches for Windows, Office flaws

Microsoft next week is planning a pair of "important" patches to address eight vulnerabilities in Windows and Office.

The software giant is not planning to release any patches graded "critical," its most severe rating, when the fixes are released about 2 p.m. EST on Tuesday as part of Microsoft's monthly security update.

"To provide additional guidance for deployment prioritization, customers should note that both bulletins will address issues that would require a user to open a specially crafted file," Jerry Bryant, senior security communications manager at Microsoft, said Thursday in a blog post.

Microsoft is not expected to address a VBScript vulnerability, confirmed in an advisory earlier this week. The issue does not affect Windows 7, Server 2008, Server 2008 R2 and Vista.

"There are no known attacks, but we encourage customers to review the advisory and apply the suggested workaround where possible," Bryant said.

While Microsoft will not reveal specifics of the patches until Tuesday, there are at least two other issues that Microsoft has yet to address: an Internet Explorer vulnerability, announced in February, and another bug in SMB, revealed in November.


Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.