ITPRO

Printed from www.itpro.co.uk


Patch Tuesday to deliver Valentine's bug massacre

With twelve security updates, seven of which are rated critical, Microsoft is planning to keep administrators particularly busy next week.

By Miya Knights, 8 Feb 2008 at 10:20

It looks as though the slow start to the Microsoft patching cycle in 2007 is over, with twelve significant security updates due to drop in next Tuesday's monthly patch release.

The January release of the software giant's 'Patch Tuesday' monthly cycle of security updates addressed only three flaws.

But seven of next week's twelve updates in the Microsoft security bulletin issued late yesterday were given its highest, 'critical' rating. The other five are rated 'important'.

Alan Bentley, regional vice president of security firm Lumension (formerly PatchLink), said the number of patches this month means IT administrators might be working on deployment and testing through Valentine's Day to get systems up to date.

"This month's patches are going to require a great deal of man hours for IT administrators, from determining what is affected to the testing and deployment processes," he said.

The bulletin said the critical updates affect Microsoft's Windows operating system, Internet Explorer (IE) and its Office platform: two for Windows and one each for IE, Office, Office Publisher and Microsoft Word. The last affects IE's JScript and VBScript scripting languages.

Each critical update would patch a vulnerability that could allow hackers to run unauthorised software on an un-patched PC, Microsoft said.

Bentley said: "As so many critical patches affect so many applications, these are widespread enough to have a bigger effect than we've seen in a year and they are going to require the utmost attention and energy. In addition, so many remote code execution flaws that don't require end-user interaction are hugely critical because of the danger of malware and rootkits."

He also said that, because users are so used to trusting and opening Office attachments, the fact that there are three critical patches for Office "opens up a huge window for a potential attack, whether general or targeted".

The important updates are for Windows Active Directory, Windows Vista and Microsoft Works, as well as two for its Internet Information Services (IIS) web server software.

"The two important patches for IIS are surprising because this is a very prime target compared to an endpoint and this is definitely not something that you want to be vulnerable. IT administrators should examine these patches closely," added Bentley.

On average, Microsoft released just under six patches per month last year. The bumper crop due next Tuesday is scheduled to drop at 1pm US Eastern time (6pm GMT).
