With two security bulletins

Mar 5, 2010 13:58 GMT  ·  By

Microsoft has announced that it is planning to release just a couple of patch packages in the coming week, in an effort to plug security vulnerabilities in its main cash cows. “We will be releasing two bulletins this month affecting Windows and Microsoft Office products. Both bulletins are rated Important and address a total of 8 vulnerabilities,” Jerry Bryant, Sr. security communications manager lead, noted.

The Important rating is a severity indicator that Microsoft uses in order to help customers assess the level of risk associated with the vulnerabilities that the patches are designed to resolve. There is a single rating more severe than Important for the Redmond company, namely Critical, which is generally associated with vulnerabilities that, in the eventuality of a successful exploit, would allow an attacker to execute arbitrary code remotely on compromised computers.

The same is not the case with Important vulnerabilities. “To provide additional guidance for deployment prioritization, customers should note that both bulletins will address issues that would require a user to open a specially crafted file. There are no network based attack vectors,” Bryant added.

Microsoft did reveal that both 32-bit and 64-bit editions of Windows 7 were among the affected software, as were the x86 and x64 variants of Windows XP SP3 and Windows Vista SP2. Various releases of the company’s productivity suite will also be affected, including Office 2007 and Office 2008 for Mac.

“We’re also continuing to monitor the situation with Security Advisory 981169, the VBScript issue disclosed on Monday. There are no known attacks but we encourage customers to review the advisory and apply the suggested workarounds where possible. Customers that are running Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista are not affected,” Bryant explained.