Patch/Configuration Management, Vulnerability Management

Microsoft preps seven security patches


Microsoft announced Thursday that it plans to release seven patches next week to address eight security vulnerabilities.

As part of its first monthly security update of the new year, the software giant expects to patch flaws in Windows, as well as in its developer tools software, according to an advance notification. It does not appear that any publicly known issues are being patched.

Just one of the seven bulletins is deemed "critical" in nature, Microsoft's highest severity rating.

That means the vulnerability in question can be exploited by an attacker to execute remote code without the user taking any action. While the issue exists across all supported Microsoft operating systems, the flaw is not considered as major in Windows 7 and Server 2008 R2.

Tuesday's patch batch also will include a fix for a unique vulnerability, one which can result in a "security feature bypass (SFB)."

"SFB-class issues in themselves can't be leveraged by an attacker," Angela Gunn, a senior response communications manager for Microsoft Trustworthy Computing, explained in a blog post Thursday. "Rather, a would-be attacker would use them to facilitate use of another exploit."

The update also may contain a fix that was pulled because of a compatibility issue shortly before December's patches went live.

The patches are due out around 1 p.m. EST on Tuesday.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.