Microsoft slates IE, Windows, Office updates for next week
New IE10 on Windows 7 escapes patching
Computerworld - Microsoft today announced it will deliver seven security updates next week, four of them rated "critical," to patch Internet Explorer (IE), Windows, Office, SharePoint Server and the Silverlight media software.
March's Patch Tuesday collection will be significantly smaller than last month's, when Microsoft issued a dozen updates that patched a near-record 57 vulnerabilities.
Microsoft averaged close to eight updates monthly throughout 2012, said Andrew Storms, director of security operations at nCircle Security, and the count thus far this year -- 8 in January, 12 in February, 7 in March -- is close, with a slightly higher average of 9.
Four of the updates will be ranked critical, Microsoft's highest threat rating, while the remainder will be labeled "important," the next step below critical.
The most notable of the seven, pegged today as "Bulletin 1," will affect all versions of IE, ranging from the 12-year-old IE6 to the just-released IE10 on Windows 8 and Windows RT.
IE10 on Windows 7, which started appearing on PCs powered by that OS just last week, will not be patched, indicating that Microsoft fixed the flaws there on the fly.
"It's the third month in a row we've had an IE update," observed Storms.
Last July, Microsoft said it would ditch its every-other-month cadence for IE, claiming that it had boosted staff and other resources, and was now able to release an update any month it chose.
Microsoft has issued an IE update in eight of the nine months since then.
Only one of the seven updates will impact Windows; "Bulletin 2," rated as important, will patch one or more vulnerabilities in all versions except for Windows RT, the limited edition designed for tablets.
Storms noted that although March's Patch Tuesday slate is light on OS updates, heavy on ones for Microsoft's applications, it's common for months to flip and flop between the OS and app categories.
Other updates sketched out by Microsoft's advance notification today will address critical flaws in Visio, a relatively little-used member of the Office family; Silverlight; and SharePoint Server. Important updates will be issued for OneNote, the note-taking application that Microsoft has been aggressively promoting of late; and Office for Mac 2008 and 2011.
Visio was last patched in August 2012, Silverlight in May 2012 and SharePoint in Dec. 2012.
"This looks like a typical month," said Storms. "Hopefully, we can take care of these, then go back to fixing or patching or just ripping out Java."
Microsoft will release next week's seven security updates on March 12 at approximately 1 p.m. ET.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Mobile Applications Case Study: 8 Billion Transactions a Day The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Malware and Vulnerabilities White Papers | Webcasts