Patch/Configuration Management, Vulnerability Management

Microsoft readies two patches for Windows, Office flaws

Microsoft next week is planning a pair of "important" patches to address eight vulnerabilities in Windows and Office.

The software giant is not planning to release any patches graded "critical," its most severe rating, when the fixes are released about 2 p.m. EST on Tuesday as part of Microsoft's monthly security update.

"To provide additional guidance for deployment prioritization, customers should note that both bulletins will address issues that would require a user to open a specially crafted file," Jerry Bryant, senior security communications manager at Microsoft, said Thursday in a blog post.

Microsoft is not expected to address a VBScript vulnerability, confirmed in an advisory earlier this week. The issue does not affect Windows 7, Server 2008, Server 2008 R2 and Vista.

"There are no known attacks, but we encourage customers to review the advisory and apply the suggested workaround where possible," Bryant said.

While Microsoft will not reveal specifics of the patches until Tuesday, there are at least two other issues that Microsoft has yet to address: an Internet Explorer vulnerability, announced in February, and another bug in SMB, revealed in November.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.