Friday, March 5, 2010

Microsoft Patch Tuesday heads-up: 2 bulletins, 8 vulnerabilities

Microsoft is planning a quiet Patch Tuesday this month: Just two bulletins with patches for eight security vulnerabilities.
According to Redmond’s Advance Notification, the vulnerabilities affect the Windows operating system and the Microsoft Office productivity suite.

Both bulletins are rated “important” because of the risk compromising the confidentiality, integrity or availability of user data.
Microsoft is recommending that Windows and Office users review its Advance Notification webpage and prepare to deploy the bulletins as soon as possible.
Customers should note that both bulletins will address issues that would require a user to open a specially crafted file. There are no network based attack vectors.
The patches will be released on March 9, 2009 around 11AM EST.
This month’s batch of patches will NOT include a fix for the recent Internet Explorer vulnerability that was publicly discussed earlier this week.  That vulnerability could allow attackers to run arbitrary code from a Web site if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.
Microsoft has released Security Advisory 981169 with suggested pre-patch workarounds for affected IE users.

No comments:

Post a Comment