Microsoft's Patch Tuesday to Fix Five 'Critical' Security Holes
Microsoft prepares for another big drop of patches, but don't worry. It won't be as large as some recent Patch Tuesday events, though Microsoft is addressing a lingering bug from early March.
Spring is here and that is bringing the bugs out -- at least so it seems.
Microsoft (NASDAQ: MSFT) notified customers this week it plans to patch a total of 25 security vulnerabilities, five of which received the highest severity rating of "critical," in its upcoming "Patch Tuesday" release.
Altogether, the company will release 11 Security Bulletins, it said. However, the new bug-fix drop will not be of the scale of October's patch release, the largest to date for Microsoft.
However, some key details are known of a handful of the problems it's aiming to fix. Included in the vulnerabilities getting attention on Tuesday are a pair of flaws -- one listed as critical -- that originally surfaced as Microsoft Security Advisories, which are somewhat akin to early warnings about bugs for which Microsoft doesn't as yet have patches.
The most dangerous of the two surfaced in early March. That bug has to do with how VBScript processes help files in Internet Explorer.
Among the other critical bugs receiving patches on Tuesday are ones that affect all supported versions of Windows, from Windows 2000 Service Pack 4 (SP4) to Windows XP SP2 and SP3, to Windows Vista SP1 and SP2, and even Windows 7.
Additionally, critical patches affect Windows Server 2003 and 2008 Release 2 (R2). Both 32-bit and 64-bit versions of those systems are included on the list of affected systems.
"The five critical bulletins affect all versions of Windows software that are widely being used and could therefore cause an interruption in services affecting workflow and productivity levels," Don Leatham, senior director of solutions and strategy at security firm Lumension, said in an e-mail to InternetNews.com.
Other vulnerabilities due for patching, though rated as "important" -- the third highest threat level in Microsoft's four-level vulnerability rating system -- affect Microsoft Office and Exchange.