Microsoft slates IE, Windows, Office updates for next week
New IE10 on Windows 7 escapes patching
Computerworld - Microsoft today announced it will deliver seven security updates next week, four of them rated "critical," to patch Internet Explorer (IE), Windows, Office, SharePoint Server and the Silverlight media software.
March's Patch Tuesday collection will be significantly smaller than last month's, when Microsoft issued a dozen updates that patched a near-record 57 vulnerabilities.
Microsoft averaged close to eight updates monthly throughout 2012, said Andrew Storms, director of security operations at nCircle Security, and the count thus far this year -- 8 in January, 12 in February, 7 in March -- is close, with a slightly higher average of 9.
Four of the updates will be ranked critical, Microsoft's highest threat rating, while the remainder will be labeled "important," the next step below critical.
The most notable of the seven, pegged today as "Bulletin 1," will affect all versions of IE, ranging from the 12-year-old IE6 to the just-released IE10 on Windows 8 and Windows RT.
IE10 on Windows 7, which started appearing on PCs powered by that OS just last week, will not be patched, indicating that Microsoft fixed the flaws there on the fly.
"It's the third month in a row we've had an IE update," observed Storms.
Last July, Microsoft said it would ditch its every-other-month cadence for IE, claiming that it had boosted staff and other resources, and was now able to release an update any month it chose.
Microsoft has issued an IE update in eight of the nine months since then.
Only one of the seven updates will impact Windows; "Bulletin 2," rated as important, will patch one or more vulnerabilities in all versions except for Windows RT, the limited edition designed for tablets.
Storms noted that although March's Patch Tuesday slate is light on OS updates, heavy on ones for Microsoft's applications, it's common for months to flip and flop between the OS and app categories.
Other updates sketched out by Microsoft's advance notification today will address critical flaws in Visio, a relatively little-used member of the Office family; Silverlight; and SharePoint Server. Important updates will be issued for OneNote, the note-taking application that Microsoft has been aggressively promoting of late; and Office for Mac 2008 and 2011.
Visio was last patched in August 2012, Silverlight in May 2012 and SharePoint in Dec. 2012.
"This looks like a typical month," said Storms. "Hopefully, we can take care of these, then go back to fixing or patching or just ripping out Java."
Microsoft will release next week's seven security updates on March 12 at approximately 1 p.m. ET.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts