Patch/Configuration Management, Vulnerability Management

Redmond’s cupid armed with seven new patches

Forget the chocolates, candy and romantic cards. Microsoft's Valentine's Day gift to PC users will be seven security updates, five of which are marked "critical."

The Redmond, Wash., computing giant announced Thursday that February's Patch Tuesday will contain the greatest number of patches in months in a statement on its TechNet website.

Four of the patches are for Windows. Microsoft said the highest maximum severity rating for the updates is "critical," and that some would require a restart.

One other update will be for Windows Media Player. It also has a "critical" rating but will not require a system restart.

Another bulletin will affect both Windows and Microsoft Office. Its highest rating is "important," and it will require a restart.

The seventh patch will affect Microsoft office only. It has a maximum severity rating of "important," and it may require a restart.

Microsoft will also include an updated version of the Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update and the Download Center. It will not be distributed via Software Update Service, according to Redmond.

Mike Reavy, of the Microsoft Security Response Center, said on the team's weblog that users should update their systems immediately after the download.

"This coming Tuesday, we're planning to release seven security bulletins, and they are being released for Windows, one for Windows and Office and one for Office," he said. "The maximum total severity rating for this month is critical, so please update systems as soon as possible when they are available on Tuesday."

Microsoft released two separate bulletins last month due to a widespread metafile vulnerability that left most Windows users at risk of downloading malicious code just by viewing image files.

The WMF patch, demanded early by many security experts and PC users, was released five days earlier than the scheduled Jan. 10 bulletin.

On the scheduled release date, Microsoft released two other patches – one for a vulnerability in embedded web fonts and the other for a TNEF decoding flaw.

Last December, the company released two patches, one for an Internet Explorer vulnerability and one for a flaw in the Windows kernel that could permit privilege escalation.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.