Patch Tuesday to deliver Valentine's bug massacre
By Miya Knights
It looks as though the slow start to the Microsoft patching cycle in 2007 is over, with twelve significant security updates due to drop in next Tuesday's monthly patch release.
The January release of the software giant's 'Patch Tuesday' monthly cycle of security updates addressed only three flaws.
But seven of next week's twelve updates in the Microsoft security bulletin issued late yesterday were given its highest, 'critical' rating. The other five are rated 'important'.
Alan Bentley, regional vice president of security firm Lumension (formerly PatchLink), said the number of patches this month means IT administrators might be working on deployment and testing through Valentine's Day to get systems up to date.
"This month's patches are going to require a great deal of man hours for IT administrators, from determining what is affected to the testing and deployment processes," he said.
The bulletin said the critical updates affect Microsoft's Windows operating system, Internet Explorer (IE) and its Office platform: two for Windows and one each for IE, Office, Office Publisher and Microsoft Word. The last affects IE's JScript and VBScript scripting languages.
Each critical update would patch a vulnerability that could allow hackers to run unauthorised software on an unpatched PC, Microsoft said.
Bentley said: "As so many critical patches affect so many applications, these are widespread enough to have a bigger effect than we've seen in a year and they are going to require the utmost attention and energy. In addition, so many remote code execution flaws that don't require end-user interaction are hugely critical because of the danger of malware and rootkits."
He also said that, because users are so used to trusting and opening Office attachments, the fact that there are three critical patches for Office "opens up a huge window for a potential attack, whether general or targeted".
The important updates are for Windows Active Directory, Windows Vista and Microsoft Works, as well as two for its Internet Information Services (IIS) web server software.
"The two important patches for IIS are surprising because this is a very prime target compared to an endpoint and this is definitely not something that you want to be vulnerable. IT administrators should examine these patches closely," added Bentley.
On average, Microsoft released just under six patches per month last year. The bumper crop due next Tuesday is scheduled to drop at 1pm US Eastern time (6pm GMT).