Microsoft to deliver 13 security patches for 26 bugs

Share this article:

After a quiet January Patch Tuesday that saw only one security update, Microsoft is back with a vengeance this month.

The software giant on Tuesday plans to release 13 patches to address 26 vulnerabilities, according to an advance notification. Five of the fixes are rated "critical," seven are graded "important" and one is listed as "moderate."

Microsoft's latest operating systems, Vista and Windows 7, each are affected by only three of the five critical patches. However, one of the critical bulletins does affect all supported versions of Windows.

Multiple Office flaws are scheduled to be resolved with two patches rated important. 

"We encourage customers to upgrade to the latest versions of both Windows and Office," Jerry Bryant, senior security communications manager at Microsoft, said Thursday in a blog post. "As this bulletin release shows, the latest versions are less impacted overall due to the improved security protections built in to these products."

One of the three publicly known Windows vulnerabilities is scheduled to be fixed, Bryant said. That one is a privilege-escalation flaw in the Windows kernel, disclosed last month, one day after a Google engineer posted details of the flaw to the Full Disclosure mailing list

Not on the docket next week for a fix is an Internet Explorer vulnerability announced this week and a bug in the Sever Message Block (SMB) protocol, revealed in November.

The IE flaw "only affects versions of Windows older than Vista in their default configuration, and there is a 'Fix-It' available so customers in nondefault configurations can protect themselves," Bryant said.

Meanwhile, the SMB issue can lead to a denial-of-service that results in a system crash, but not the injection of malicious code.

Administrators should start preparing for the update, said Don Leatham, senior director of solutions and strategy for Lumension, a vulnerability management firm.

"It will be imperative to plan ahead this month on how these patches should be deployed throughout their enterprises to minimize the possibility of widespread disruption," he said.

In other news from the advance notification document, Microsoft plans to drop support for Windows XP Service Pack 2 and Windows 2000 on July 13.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Researcher hacks iPhone 6 Touch ID sensor

Little progress was made security wise, between the iPhone 5S and iPhone 6 sensor, a researcher found.

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.