Tuesday's Patch Will Be a Windows Wash

Microsoft today signaled that a hefty batch of security fixes will arrive on Tuesday.

Microsoft's has tended to break its own records of late. In the past six months, Patch Tuesdays have seemed more like "Fat Tuesdays," at least in terms of the volume of fixes contained in the monthly patch. February's patch looks to be no different. According to Microsoft's advance notice, it will contain 13 fixes -- five "critical," seven "important" and one "moderate" fix.

"This amount of bulletins make this the busiest February we've seen from Microsoft, with only four [seen in February of] last year and an average of 11 to 12 [bulletins seen] in the three years prior," said Sheldon Malm, senior director of security strategy at Rapid7.

"All eyes will be on Internet Explorer, given last month's out-of-band update and the current zero day [bug] affecting older versions and instances where Protected Mode is disabled."

Critical Items
The five critical security fixes will be targeted toward most Windows operating systems, according to Microsoft's advance notice. Every fix will be associated with remote code execution (RCE) security implications across several as-yet-unspecified Windows components. The most pressing Windows component so far this year from a security perspective has been Internet Explorer, expert say.

While the critical fixes apply across most Windows OSes, there will be a couple of exceptions. Critical patch No. 2 will not affect Vista, Windows 7 or Windows Server 2008. Critical patch No. 4 only touches on Vista and Windows Server 2008.

Important Items
The seven important items will be a mixed bag of RCE, elevation-of-privilege and denial-of-service exploit patches affecting both Windows components and Microsoft Office applications. Every supported Windows OS is affected in some form or another.

For the Office fixes, only Office apps sitting on Office XP, Office 2003 and Office 2004 for Mac will be affected.

Moderate Item
The lone moderate fix will only touch on the Windows 2000 and Windows XP operating systems as a patch for an RCE exploit.

It will be a busy day next Tuesday if the advance notice is any indication. Security experts anticipate no less than 20 vulnerabilities targeted in the February patch. All 13 security items may require a system restart.

"None of the operating systems escaped this month's updates. Even the latest versions of Windows have been hit hard this month, with six updates for Vista, eight for Server 2008, and five for Server 2008 R2 and Windows 7," Malm said in reference to the advance bulletin. "I won't be surprised if Microsoft is playing catch-up on some lingering vulnerabilities from last year."

If any IT administrators still have time for nonsecurity updates, they can check out this Knowledge Base article. It describes updates arriving via Windows Update, Microsoft Update and Windows Server Update Service.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Hires Movial To Build Android OS for Microsoft Devices

    Microsoft has hired the Romanian operations of software engineering and design services company Movial to develop an Android-based operating system solution for the Microsoft Devices business segment.

  • Microsoft Ending Workflows for SharePoint 2010 Online Next Month

    Microsoft on Monday gave notice that it will be ending support this year for the "workflows" component of SharePoint 2010 Online, as well as deprecating that component for SharePoint 2013 Online.

  • Why Windows Phone Is Dead, But Not Completely Gone

    Don't call it a comeback (because that's not likely). But as Brien explains, there are three ways that today's smartphone market leaves the door open for Microsoft to bring Windows back to smartphones.

  • Feature Update Deferral Mix-Up in Windows 10 Version 2004 Further Explained

    Microsoft last week described the confusion it is attempting to avoid by removing the client graphical user interface (GUI)-based controls to defer Windows 10 feature updates, starting with version 2004.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.