Microsoft to deliver 13 security patches for 26 bugs

After a quiet January Patch Tuesday that saw only one security update, Microsoft is back with a vengeance this month.

The software giant on Tuesday plans to release 13 patches to address 26 vulnerabilities, according to an advance notification. Five of the fixes are rated "critical," seven are graded "important" and one is listed as "moderate."

Microsoft's latest operating systems, Vista and Windows 7, each are affected by only three of the five critical patches. However, one of the critical bulletins does affect all supported versions of Windows.

Multiple Office flaws are scheduled to be resolved with two patches rated important. 

"We encourage customers to upgrade to the latest versions of both Windows and Office," Jerry Bryant, senior security communications manager at Microsoft, said Thursday in a blog post. "As this bulletin release shows, the latest versions are less impacted overall due to the improved security protections built in to these products."

One of the three publicly known Windows vulnerabilities is scheduled to be fixed, Bryant said. That one is a privilege-escalation flaw in the Windows kernel, disclosed last month, one day after a Google engineer posted details of the flaw to the Full Disclosure mailing list.

Not on the docket for a fix next week are an Internet Explorer vulnerability announced this week and a bug in the Server Message Block (SMB) protocol, revealed in November.

The IE flaw "only affects versions of Windows older than Vista in their default configuration, and there is a 'Fix-It' available so customers in nondefault configurations can protect themselves," Bryant said.

Meanwhile, the SMB issue can lead to a denial-of-service that results in a system crash, but not the injection of malicious code.

Administrators should start preparing for the update, said Don Leatham, senior director of solutions and strategy for Lumension, a vulnerability management firm.

"It will be imperative to plan ahead this month on how these patches should be deployed throughout their enterprises to minimize the possibility of widespread disruption," he said.

In other news from the advance notification document, Microsoft plans to drop support for Windows XP Service Pack 2 and Windows 2000 on July 13.

