Network Security, Patch/Configuration Management, Vulnerability Management

Microsoft to deliver four patches in March cycle

Microsoft said on Thursday that next week it will release four patches, all of them critical, with one apparently fixing a zero-day Excel vulnerability.

According to the bulletin,fixes for several versions of the Microsoft Office Excel spreadsheet application are included in the affected software list for next week's round patches.

Whether this patches the Excel vulnerability announced by Microsoft on Jan.15 is undetermined, Jason Miller, the research-and-development manager of information and data at Shavlik Technologies, told SCMagazineUS.com.

"I can look at what the security advisory says and the 'Affected Software' table in the pre-release bulletin and see they appear to match, so there's a good chance it is, but I can't say for sure," he said.

In addition to the Excel patch, Microsoft said it will release fixes for several other components of the Office suite. These include the Outlook mail client, Office 2004/2008 for the Mac and the Office Compatibility Pack for the Word, PowerPoint and Excel file formats.

In addition, Microsoft said it will release patches that apply to a variety of Office web components and the Visual Studio.net software developer's application.

"It's hard to say which one is more important than next," Miller said.

Miller pointed out that the relatively small number of anticipated March patches after February's 11-patch round mimics what occurred last year.

"Last year we saw a heavy February round with a big drop off in March, too," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.