Patch Tuesday to deliver Valentine's bug massacre
By Miya Knights,
It looks as though the slow start to the Microsoft patching cycle of 2007 is over, with twelve significant security updates due to drop in next Tuesday's monthly patch release.
The January release of the software giant's 'Patch Tuesday' monthly cycle of security updates addressed only three flaws.
But seven of next week's twelve updates in the Microsoft security bulletin issued late yesterday were given its highest, 'critical' rating. The other five are rated 'important'.
Alan Bentley, regional vice president of security firm Lumension (formerly PatchLink), said the number of patches this month means IT administrators might be working on deployment and testing through Valentine's Day to get systems up to date.
"This month's patches are going to require a great deal of man hours for IT administrators, from determining what is affected to the testing and deployment processes," he said.
The bulletin said the critical updates affect Microsoft's Windows operating system, Internet Explorer (IE) and its Office platform: two for Windows and one each for IE, Office, Office Publisher and Microsoft Word. The last affects IE's JScript and VBScript scripting languages.
Each critical update would patch a vulnerability that could allow hackers to run unauthorised software on an unpatched PC, Microsoft said.
Bentley said: "As so many critical patches affect so many applications, these are widespread enough to have a bigger effect than we've seen in a year and they are going to require the utmost attention and energy. In addition, so many remote code execution flaws that don't require end-user interaction are hugely critical because of the danger of malware and rootkits."
He also said that, because users are so used to trusting and opening Office attachments, the fact that there are three critical patches for Office "opens up a huge window for a potential attack, whether general or targeted".
The important updates are for Windows Active Directory, Windows Vista and Microsoft Works, as well as two for its Internet Information Services (IIS) web server software.
"The two important patches for IIS are surprising because this is a very prime target compared to an endpoint and this is definitely not something that you want to be vulnerable. IT administrators should examine these patches closely," added Bentley.
On average, Microsoft released just under six patches per month last year. The bumper crop due next Tuesday is scheduled to drop at 1pm US Eastern time (6pm GMT).