News

Microsoft To Release Critical Patches for Vista, XP, Office, IE, Visual Basic

Redmond's February patch release is slated to roll out 12 security fixes -- seven rated "Critical," and five deemed "Important."

IT pros better prepare to have their hands full next week as Redmond's February patch release is slated to roll out 12 security fixes -- seven rated "Critical," and five deemed "Important."

All of the seven critical items, like most patches in recent months, are designed to stave off remote code execution (RCE) bugs. As always, the advance notice isn't gospel as the nature, number and design of all the patches won't be known officially until Tuesday. But the preview is usually a pretty good indication of what's to come.

The first critical issue affects all Windows OS versions with the exception of Windows 2000 Service Pack 4.

Critical patch number two will be for Windows, Office and Visual Basic programs on all OS versions, though only Windows 2000 SP4, and all editions of XP and Vista were labeled as "critical."

The third critical item is another Windows fix specifically dealing with exploits that would affect VBScript and Jscript language parameters on all OS versions but Vista. VBScript and Jscript are used mainly by Web developers working with Internet Explorer.

Speaking of IE, the popular browser is what the fourth bulletin in the critical group will mostly address. This fix is supposed to patch the system to prevent the intrusion of RCE-based bugs in all versions of IE up to and including IE7 for Vista.

The remaining three critical patches deal succinctly with MS Office Publisher versions 2000 to 2003, the whole Office suite of applications in Office 2000 SP3; and Microsoft Word 2000 SP3 respectively.

Meanwhile, the patches Redmond believes to be "important," deal with a more diverse scope of hacker risks. The five fixes are comprised of two Denial of Service attack plugs, one Elevation of Privilege risk, and two RCE considerations to round out the group.

The first important fix will affect all OS versions and their accompanying Active Directory Programs while Vista will not be affected. Conversely, the second item only affects Vista.

The third item, meanwhile, deals with elevation of privilege considerations in all Windows OS releases as well as OS components such as MS Internet Information Services 5.0 and 6.0. Bulletin four, in the important group is likely a complement to the previous patch as it deals with IIS versions 5.1 and 6.0.

The last important fix for February's release is designed to address RCE exploits in all supported versions of Microsoft Works.

Of the 12 total patches, seven items will require restarts.

In addition to the large number of security patches compared to last month, Microsoft will also release seven non-security, high-priority updates on Microsoft Update and Windows Server Update Services, including its previously announced push of IE7.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Exchange Server June Cumulative Updates Arrive, but with Red Tape

    Microsoft released its quarterly cumulative updates (CUs) for Exchange Server 2013, 2016 and 2019 products this week, but added an extra step for IT pros to consider before installing them.

  • Moving an Old VM to a New Hyper-V Host

    So you want to know whether a Hyper-V virtual machine built on a legacy host will be supported by a newer server? There's a PowerShell command for that.

  • AI-Driven Solution Tracks Packets Through the Datacenter

    Datacenter solutions vendor Kaloom this week unveiled a new offering the company says will enable the development of "self-driving" datacenter networks.

  • Microsoft Previews Azure Bastion Service for Private VM Access

    Microsoft on Tuesday announced a preview of the Azure Bastion service, which lets a user connect to an Azure virtual machine (VM) using a private Internet connection.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.