Microsoft to deliver eight patches, five critical
Microsoft on Thursday announced it will to push out eight fixes next
week, including five for flaws graded critical, as part of its monthly
The bulletins -- to be released Tuesday -- address vulnerabilties in
Windows; Internet Explorer (IE); Project, part of Office; and VBScript
and JScript, two scripting languages supported by Microsoft, according
to the software giant"s advance notification advisory.
Andrew Storms, director of security operations at nCircle, a network
security firm, told SCMagazineUS.com on Thursday that administrators
should pay most attention to Bulletin 2.
"It"s "critical" for every Windows operating system, including 2008,"
he said. "It"s going to be first on the list [to patch], absolutely."
The scripting vulnerabilities will be covered by a patch that was
apparently withheld from the February round of bulletins after
originally being slated for release, Storms said.
"There"s a bunch of eyes on this one because the information was out
there that there was a vulnerability in it," he said. "It will be
interesting to see just how critical it is."
Storms also mentioned two patches that cover IE holes, which are representative of the current threat landscape.
"Client-side vulnerabilities, that"s really where the attack target is the majority of the time these days," he said.
The five security bulletins are considered critical because they
address vulnerabilities that could be exploited to execute remote code.
Microsoft also plans to push out three bulletins for flaws labeled important. Those cover issues in Windows and Visio.
Patch Tuesday this month coincides with the annual RSA Conference in
San Francisco, so the update is sure to be a topic of conversation next
week, Storms said.
"All the security minds from all walks of business will be in the same place at once," he said.