Microsoft to address 22 flaws in Patch Tuesday updates

SearchSecurity.in Staff

Microsoft will issue 12 bulletins, three of them critical, next week as part of its regularly scheduled Patch Tuesday round of updates, repairing holes across its product line.

In its February Advance Notification, the software giant said it would patch 22 vulnerabilities, addressing issues in Microsoft Windows, Internet Explorer, Office, Visual Studio and IIS. The updates are scheduled to be released Feb. 8 at 1 p.m. ET.

Included in the February batch of patches is an update to repair a publicly disclosed vulnerability in its Windows Graphics Rendering Engine, which could be used in drive-by attacks. The flaw is in the way Windows accesses an object to run an application. A malicious thumbnail image can cause the Graphics Rendering Engine to fail. The maintainers of the Metasploit Framework created a module for the zero-day flaw last month, though there have been no reports of ongoing attacks targeting the vulnerability.

Microsoft is also addressing a serious memory bug in Internet Explorer that could be used by attackers to remotely execute malicious files. The flaw is in the Cascading Style Sheet (CSS) function within Internet Explorer and surfaced in late December. An automated fix-it was issued and temporarily prevents the recursive loading of CSS stylesheets.

Alan Bentley, a senior vice president at Lumension Security Inc., which specialises in endpoint security patch management, warned that the Internet Explorer patch will need to be handled carefully.

"With such a significant patch, IT departments across the world will be undergoing a mass reboot," he said. "As we know from experience, reboots of this magnitude have been known to upset services and applications so it's possible we will see similar problems to what we encountered in 2007, when a large Microsoft patch that required a reboot crippled applications, Skype in particular."

Adobe updates

On the same day, Adobe Systems Inc. said it will release critical patches for flaws in both Adobe Reader and Acrobat. The new releases cover Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; Adobe Acrobat X (10.0) for Windows and Macintosh; and Adobe Acrobat 9.4.1 and earlier versions for Windows and Macintosh.

The company says it expects to make updates for Windows and Macintosh available Feb. 8. The update for UNIX should be ready by the week of Feb. 28.

~Robert Westervelt and Ron Condon