After a busy February of patching bugs, security professionals can expect a much easier time of it in March, with a total of three patches coming, only one of which Microsoft rates as “critical,” the company said Thursday.
Last month, Microsoft (NASDAQ: MSFT) released a dozen patches that fixed a total of 22 separate security vulnerabilities, making February a busy time for security professionals — one of the busiest ever in Microsoft’s monthly Patch Tuesday cycle.
Besides one patch rated critical — the highest severity on Microsoft’s ranking scale — the other two fixes this month are rated “important,” the next step down.
All told, the three patches fix a total of four security bugs in Windows and Office, Angela Gunn, security response communications manager for Trustworthy Computing at Microsoft, said in a brief post to the Microsoft Security Response Center (MSRC) blog.
In order to make handling security updates more manageable, Microsoft releases most of its patches on a single day each month. Since it occurs on the second Tuesday of the month, it’s called Patch Tuesday. The company is very careful not to provide information that might be useful to hackers until it actually has a fix, so it typically doesn’t disclose the nature of a vulnerability until the day of the release.
However, in order to prepare security administrators for how much the workload will be to install and test, Microsoft provides some information, such as how many patches and bug fixes are coming in a notice published the Thursday before Patch Tuesday.
For example, of Tuesday’s three patches, two are related to Windows, including the critical patch, while the third impacts Office. All three may require that patched systems be restarted, according to Thursday’s advance notice.
Additionally, the critical patch affects Windows XP Service Pack 3 (SP3) — the only currently-supported version of XP — as well as Windows Vista and Windows 7. Windows Server 2003 through Windows Server 2008 Release 2 (R2) are either not affected or rated important.