X
Tech

Microsoft to issue Windows, IE and Silverlight patches

[CORRECTION] All versions of Windows and Internet Explorer will receive updates on Patch Tuesday next week. The recent IE zero-day will be included in the fixes.
Written by Larry Seltzer, Contributor

The penultimate Patch Tuesday for Windows XP will include fixes for that product and all other versions of Windows. According to the Microsoft Security Bulletin Advance Notification for March 2014, there will be a total of five updates released next week, two of them addressing critical vulnerabilities.

Microsoft says that the recent zero-day vulnerability in Internet Explorer will be fixed in this set of updates. That vulnerability affects only IE9 and IE10. Only one IE update is listed in this month's Advance Notification, and it affects all versions of Internet Explorer, so more than one vulnerability must be fixed.

[CORRECTION: An earlier version of this story said that the IE zero day was not fixed by these updates.]

That one IE update is for remote code execution bugs rated critical on all client versions of Windows. Another critical Windows vulnerability, also enabling remote code execution, affects all Windows versions other than RT and Server Core. Server Core is the only Windows version to have no critical updates this month. Two other updates with a maximum rating of important, one an privilege elevation vulnerability and the other a security feature bypass, affect nearly all Windows versions.

The final update fixes an important vulnerability or vulnerabilities in Microsoft Silverlight 5, including the Mac versions. This fix is also for a security feature bypass.

Microsoft will also release a large number of non-security updates next Tuesday.

Editorial standards