Redmond's cupid armed with seven new patches

Share this article:

Forget the chocolates, candy and romantic cards. Microsoft's Valentine's Day gift to PC users will be seven security updates, five of which are marked "critical."

The Redmond, Wash., computing giant announced Thursday that February's Patch Tuesday will contain the greatest number of patches in months in a statement on its TechNet website.

Four of the patches are for Windows. Microsoft said the highest maximum severity rating for the updates is "critical," and that some would require a restart.

One other update will be for Windows Media Player. It also has a "critical" rating but will not require a system restart.

Another bulletin will affect both Windows and Microsoft Office. Its highest rating is "important," and it will require a restart.

The seventh patch will affect Microsoft office only. It has a maximum severity rating of "important," and it may require a restart.

Microsoft will also include an updated version of the Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update and the Download Center. It will not be distributed via Software Update Service, according to Redmond.

Mike Reavy, of the Microsoft Security Response Center, said on the team's weblog that users should update their systems immediately after the download.

"This coming Tuesday, we're planning to release seven security bulletins, and they are being released for Windows, one for Windows and Office and one for Office," he said. "The maximum total severity rating for this month is critical, so please update systems as soon as possible when they are available on Tuesday."

Microsoft released two separate bulletins last month due to a widespread metafile vulnerability that left most Windows users at risk of downloading malicious code just by viewing image files.

The WMF patch, demanded early by many security experts and PC users, was released five days earlier than the scheduled Jan. 10 bulletin.

On the scheduled release date, Microsoft released two other patches – one for a vulnerability in embedded web fonts and the other for a TNEF decoding flaw.

Last December, the company released two patches, one for an Internet Explorer vulnerability and one for a flaw in the Windows kernel that could permit privilege escalation.

Share this article:

Sign up to our newsletters

More in News

Carbon Grabber crimeware kit being distributed in spam campaign

A spam campaign involving the Carbon Grabber crimeware kit is ongoing against the automotive industry in Europe, according to Symantec.

Errors in ZeroLocker means paying ransom may not decrypt files

A piece of ransomware known as ZeroLocker contains various errors that may prevent files from being decrypted even if the ransom is paid.

Rogue AV scammers find success with new tatics

Although the number of rogue anti-virus malware campaigns have decreased overall, the threat isn't totally gone, according to researchers at Microsoft.