Microsoft To Release Critical Patches for Vista, XP, Office, IE, Visual Basic

Redmond's February patch release is slated to roll out 12 security fixes -- seven rated "Critical," and five deemed "Important."

IT pros better prepare to have their hands full next week as Redmond's February patch release is slated to roll out 12 security fixes -- seven rated "Critical," and five deemed "Important."

All of the seven critical items, like most patches in recent months, are designed to stave off remote code execution (RCE) bugs. As always, the advance notice isn't gospel as the nature, number and design of all the patches won't be known officially until Tuesday. But the preview is usually a pretty good indication of what's to come.

The first critical issue affects all Windows OS versions with the exception of Windows 2000 Service Pack 4.

Critical patch number two will be for Windows, Office and Visual Basic programs on all OS versions, though only Windows 2000 SP4, and all editions of XP and Vista were labeled as "critical."

The third critical item is another Windows fix specifically dealing with exploits that would affect VBScript and Jscript language parameters on all OS versions but Vista. VBScript and Jscript are used mainly by Web developers working with Internet Explorer.

Speaking of IE, the popular browser is what the fourth bulletin in the critical group will mostly address. This fix is supposed to patch the system to prevent the intrusion of RCE-based bugs in all versions of IE up to and including IE7 for Vista.

The remaining three critical patches deal succinctly with MS Office Publisher versions 2000 to 2003, the whole Office suite of applications in Office 2000 SP3; and Microsoft Word 2000 SP3 respectively.

Meanwhile, the patches Redmond believes to be "important," deal with a more diverse scope of hacker risks. The five fixes are comprised of two Denial of Service attack plugs, one Elevation of Privilege risk, and two RCE considerations to round out the group.

The first important fix will affect all OS versions and their accompanying Active Directory Programs while Vista will not be affected. Conversely, the second item only affects Vista.

The third item, meanwhile, deals with elevation of privilege considerations in all Windows OS releases as well as OS components such as MS Internet Information Services 5.0 and 6.0. Bulletin four, in the important group is likely a complement to the previous patch as it deals with IIS versions 5.1 and 6.0.

The last important fix for February's release is designed to address RCE exploits in all supported versions of Microsoft Works.

Of the 12 total patches, seven items will require restarts.

In addition to the large number of security patches compared to last month, Microsoft will also release seven non-security, high-priority updates on Microsoft Update and Windows Server Update Services, including its previously announced push of IE7.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Previews New App Reporting and Consent Tools in Azure AD

    Microsoft last week described a few Azure Active Directory improvements for organizations wanting to connect their applications to Microsoft's identity and access service.

  • Free Software Foundation Asks Microsoft To Release Windows 7 Code

    The Free Software Foundation this week announced that it has established a petition demanding that Microsoft release its proprietary Windows 7 code as free software.

  • Managing Multiple Remote Connections in One Place with mRemoteNG

    If you're juggling multiple remote connections daily, this is the utility for you. Brien walks through the steps to use mRemoteNG, from installation to deployment.

  • Microsoft Unveils Plan To Push Bing to Office 365 ProPlus Users

    Microsoft on Tuesday unveiled plans to deliver an extension that will change the default search engine to Bing in both Google Chrome and Mozilla Firefox browsers for Office 365 ProPlus subscribers.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.