14 DAY TRIAL // Not counting the out-of-band security bulletin released for Internet Explorer, January has been a rather slow month for Microsoft, when it comes down to its scheduled patch cycle. But the Redmond company will more than compensate for the small number of security updates released for its products, with the exception of IE the past month. Next week, on February 9, 2010, the software giant will make available patches for no less than 26 vulnerabilities affecting Windows and Office.
“This month, we will be releasing 13 bulletins - five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities. Eleven of the bulletins affect Windows and the remaining two affect Office,” revealed Sr. Security Communications Manager – Lead, Jerry Bryant.
In the first half of January 2010, Microsoft released a single security bulletin impacting Windows. This month, that number has grown to 11. At the same time, the company’s latest versions of Windows will be impacted by the patches coming next week. No less than 3 Critical bulletins will plug security holes in both Windows 7 and Windows Server 2008 R2. Windows 7 customers will need to deploy two additional patch packages rated as Important. Windows Vista users will have to deploy 3 Critical and 3 Important security bulletins, with Windows XP being targeted by no less than 5 Critical updates.
“The Office related bulletins are both rated Important and would require user action to be exploited (usually in the form of convincing a user to open a specially crafted file). The vulnerabilities only affect older versions of Office so customers on Office 2007 or Office 2008 for Mac will have not actions this month,” Bryant added. “We encourage customers to upgrade to the latest versions of both Windows and Office.”
On February 9th, Microsoft will also patch a 17-year old vulnerability affecting the 32-bit (x86) versions of Windows, including Windows 7. “Advisory 979682, Vulnerability in Windows Kernel Could Allow Elevation of Privilege: we are on track to release an update for this issue next Tuesday,” Bryant added.