Microsoft slates IE, Windows, Office updates for next week
New IE10 on Windows 7 escapes patching
Computerworld - Microsoft today announced it will deliver seven security updates next week, four of them rated "critical," to patch Internet Explorer (IE), Windows, Office, SharePoint Server and the Silverlight media software.
March's Patch Tuesday collection will be significantly smaller than last month's, when Microsoft issued a dozen updates that patched a near-record 57 vulnerabilities.
Microsoft averaged close to eight updates monthly throughout 2012, said Andrew Storms, director of security operations at nCircle Security, and the count thus far this year -- 8 in January, 12 in February, 7 in March -- is close, with a slightly higher average of 9.
Four of the updates will be ranked critical, Microsoft's highest threat rating, while the remainder will be labeled "important," the next step below critical.
The most notable of the seven, pegged today as "Bulletin 1," will affect all versions of IE, ranging from the 12-year-old IE6 to the just-released IE10 on Windows 8 and Windows RT.
IE10 on Windows 7, which started appearing on PCs powered by that OS just last week, will not be patched, indicating that Microsoft fixed the flaws there on the fly.
"It's the third month in a row we've had an IE update," observed Storms.
Last July, Microsoft said it would ditch its every-other-month cadence for IE, claiming that it had boosted staff and other resources, and was now able to release an update any month it chose.
Microsoft has issued an IE update in eight of the nine months since then.
Only one of the seven updates will impact Windows; "Bulletin 2," rated as important, will patch one or more vulnerabilities in all versions except for Windows RT, the limited edition designed for tablets.
Storms noted that although March's Patch Tuesday slate is light on OS updates, heavy on ones for Microsoft's applications, it's common for months to flip and flop between the OS and app categories.
Other updates sketched out by Microsoft's advance notification today will address critical flaws in Visio, a relatively little-used member of the Office family; Silverlight; and SharePoint Server. Important updates will be issued for OneNote, the note-taking application that Microsoft has been aggressively promoting of late; and Office for Mac 2008 and 2011.
Visio was last patched in August 2012, Silverlight in May 2012 and SharePoint in Dec. 2012.
"This looks like a typical month," said Storms. "Hopefully, we can take care of these, then go back to fixing or patching or just ripping out Java."
Microsoft will release next week's seven security updates on March 12 at approximately 1 p.m. ET.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Malware and Vulnerabilities White Papers | Webcasts