Microsoft to deliver 13 security patches for 26 bugs

After a quiet January Patch Tuesday that saw only one security update, Microsoft is back with a vengeance this month.

The software giant on Tuesday plans to release 13 patches to address 26 vulnerabilities, according to an advance notification. Five of the fixes are rated "critical," seven are graded "important" and one is listed as "moderate."

Microsoft's latest operating systems, Vista and Windows 7, each are affected by only three of the five critical patches. However, one of the critical bulletins does affect all supported versions of Windows.

Multiple Office flaws are scheduled to be resolved with two patches rated important. 

"We encourage customers to upgrade to the latest versions of both Windows and Office," Jerry Bryant, senior security communications manager at Microsoft, said Thursday in a blog post. "As this bulletin release shows, the latest versions are less impacted overall due to the improved security protections built in to these products."

One of the three publicly known Windows vulnerabilities is scheduled to be fixed, Bryant said. That one is a privilege-escalation flaw in the Windows kernel, disclosed last month, one day after a Google engineer posted details of the flaw to the Full Disclosure mailing list.

Not on the docket for a fix next week are an Internet Explorer vulnerability announced this week and a bug in the Server Message Block (SMB) protocol, revealed in November.

The IE flaw "only affects versions of Windows older than Vista in their default configuration, and there is a 'Fix-It' available so customers in nondefault configurations can protect themselves," Bryant said.

Meanwhile, the SMB issue can lead to a denial-of-service that results in a system crash, but not the injection of malicious code.

Administrators should start preparing for the update, said Don Leatham, senior director of solutions and strategy for Lumension, a vulnerability management firm.

"It will be imperative to plan ahead this month on how these patches should be deployed throughout their enterprises to minimize the possibility of widespread disruption," he said.

In other news from the advance notification document, Microsoft plans to drop support for Windows XP Service Pack 2 and Windows 2000 on July 13.
