Microsoft's Valentine's Day gift: Seven new patches

In lieu of sending a card, candy or flowers, the software giant next week will send administrators seven new security bulletins, five of which have been deemed critical.

While romance will undoubtedly be in the air for many on Tuesday, Microsoft next week will celebrate Valentine's Day by releasing more than a half dozen new security patches.

In a posting Thursday on its TechNet site, Microsoft outlined what to expect in its next regularly scheduled "Patch Tuesday" release, which this month falls on Valentine's Day, Feb. 14.

The software giant will make public a critical bulletin affecting Windows Media Player and four critical bulletins affecting the Windows operating system. It didn't reveal any further details, other than that some of the Windows updates will require a system restart.

Also, Microsoft announced it will release a pair of "important" bulletins Tuesday, one affecting Microsoft Office and another affecting both Windows and Office. Each is likely to require a restart.

Per usual, all seven of the updates will be detectable using the Microsoft Baseline Security Analyzer, its tool to help small and midsize businesses stay on top of its patch releases.

It's possible that Microsoft's upcoming bulletins will address a number of software flaws revealed this week. The company issued a pair of advisories Tuesday, one involving a vulnerability in Internet Explorer that could allow an attacker to execute arbitrary code on a user's system, and one involving a security hole in Windows in which a certain tool could allow a malicious user to launch a privilege escalation attack.

Earlier in the week, the software giant acknowledged it was looking into reports of another Windows flaw, for which exploit code has been circulating.

Microsoft had been easing up on its monthly patch totals recently, but this month's releases will mark its largest number of simultaneous bulletins in four months. Last month it threw security pros a curveball by initially saying it would wait until Tues., Jan. 10 to release the much-anticipated patch for the Windows meta file (WMF) glitch that had been the target of numerous exploits, but it later reversed course and released the patch five days early.

"Microsoft originally planned to release the update Tuesday, Jan. 10, 2006 as part of its regular monthly release of security bulletins once testing for quality and application compatibility was complete," the vendor said last month in a statement. "However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible."

The following week it released a pair of regularly scheduled critical fixes for Windows, Exchange and Office. Looking back over recent months, Microsoft released two bulletins in December and one in November. In October it released a whopping nine security patches.

As is often the case, Microsoft this month will also release one non-security high-priority update, which will be available via Microsoft Update and its Windows Server Update Services (WSUS). It will not release any non-security high-priority updates for Windows on Windows Update or its Software Update Services (SUS).

A new edition of its malicious software removal tool will also be released next week. Offering its standard disclaimer, Microsoft said the number of bulletins, products affected, restart information and severities are all subject to change until the bulletins are released.

This article originally appeared on SearchSecurity.com.

Dig deeper on Patches, alerts and critical updates

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close