News

Microsoft To Release Critical Patches for Vista, XP, Office, IE, Visual Basic

Redmond's February patch release is slated to roll out 12 security fixes -- seven rated "Critical," and five deemed "Important."

• By Jabulani Leffall
• 02/07/2008

All of the seven critical items, like most patches in recent months, are designed to stave off remote code execution (RCE) bugs. As always, the advance notice isn't gospel as the nature, number and design of all the patches won't be known officially until Tuesday. But the preview is usually a pretty good indication of what's to come.

The first critical issue affects all Windows OS versions with the exception of Windows 2000 Service Pack 4.

Critical patch number two will be for Windows, Office and Visual Basic programs on all OS versions, though only Windows 2000 SP4, and all editions of XP and Vista were labeled as "critical."

The third critical item is another Windows fix specifically dealing with exploits that would affect VBScript and Jscript language parameters on all OS versions but Vista. VBScript and Jscript are used mainly by Web developers working with Internet Explorer.

Speaking of IE, the popular browser is what the fourth bulletin in the critical group will mostly address. This fix is supposed to patch the system to prevent the intrusion of RCE-based bugs in all versions of IE up to and including IE7 for Vista.

The remaining three critical patches deal succinctly with MS Office Publisher versions 2000 to 2003, the whole Office suite of applications in Office 2000 SP3; and Microsoft Word 2000 SP3 respectively.

Meanwhile, the patches Redmond believes to be "important," deal with a more diverse scope of hacker risks. The five fixes are comprised of two Denial of Service attack plugs, one Elevation of Privilege risk, and two RCE considerations to round out the group.

The first important fix will affect all OS versions and their accompanying Active Directory Programs while Vista will not be affected. Conversely, the second item only affects Vista.

The third item, meanwhile, deals with elevation of privilege considerations in all Windows OS releases as well as OS components such as MS Internet Information Services 5.0 and 6.0. Bulletin four, in the important group is likely a complement to the previous patch as it deals with IIS versions 5.1 and 6.0.

The last important fix for February's release is designed to address RCE exploits in all supported versions of Microsoft Works.

Of the 12 total patches, seven items will require restarts.

In addition to the large number of security patches compared to last month, Microsoft will also release seven non-security, high-priority updates on Microsoft Update and Windows Server Update Services, including its previously announced push of IE7.