Microsoft previews 12 security bulletins, 7 'critical'; Excel fix likely en route

Summary: Microsoft on Thursday issued advance notice of 12 security bulletins ahead of its February batch of patches with seven critical flaws affecting Vista, Internet Explorer and Office. The most notable patch will likely cover that Excel zero day vulnerability that surfaced last month.

Microsoft on Thursday issued advance notice of 12 security bulletins ahead of its February batch of patches with seven critical flaws affecting Vista, Internet Explorer and Office.

The most notable patch will likely cover the Excel zero-day vulnerability that surfaced last month. Since Microsoft confirmed the Excel vulnerability and issued an advisory on Jan. 16, it's a safe bet that its patches on Feb. 12 will cover it.

In its advance notification posting, Microsoft said the seven critical bulletins all cover remote code execution vulnerabilities. These bulletins affect Windows XP and Vista, Office, Internet Explorer and Visual Basic.

Here's a breakdown by product:

  • Microsoft's critical bulletins address remote code execution flaws in Microsoft Office 2004 for the Mac, Microsoft Office 2000 Service Pack 3, Microsoft Word 2000 Service Pack 3 and Microsoft Office Publisher 2002. An important bulletin was issued for Microsoft Office 2003 Service Pack 2, Microsoft Word 2002 Service Pack 3, Word 2003 Service Pack 2 and Microsoft Office 2004 for the Mac.
  • Internet Explorer had a few bulletins rated critical due to remote code execution flaws. Versions affected include: IE 5.01 Service Pack (SP) 4 on Windows 2000 Service Pack 4; IE 6 SP 1 when installed on Windows 2000 SP 4; IE 6 for various flavors of XP; IE 6 for Windows Server 2003 (various flavors); IE 7 for XP, Windows Server 2003 and Vista. In a nutshell, if you have IE you'll need these upcoming patches.
  • XP SP 2, Windows 2000 SP 4, Windows Server SP 1 and SP2, Windows Server 2003 x64 Edition (and any service pack) and Vista all had critical bulletins for remote code execution. There are also important denial of service bulletins for these versions of Windows.
  • Visual Basic had critical bulletins for remote code execution vulnerabilities. Versions affected include: VBScript 5.6 on Windows 2000, XP and Server 2003 (various service packs).
  • Microsoft Internet Information Services 5.0, 5.1, 6.0 on Windows XP, Server 2000 and Server 2003 (including service packs) had important bulletins covering mostly elevation of privilege and remote code execution issues.
  • Active Directory on Windows 2000 SP 4, XP SP2, and Server 2003 had important to moderate bulletins for denial of service flaws.

Talkback

11 comments
  • Live Update on Exactly WHAT Date?

    Since we run apps overnight, it would be nice to know WHEN "Windows Live Update" is going to do all this. That way, we can shut all apps properly the night before, and get in early the next morning to do damage control, if necessary.
    Might you know the date? Thanks.

    Rick
    RickHamiltonMBA@...
    • woops

      Tuesday, Feb 12. Will update post. Typically the preview comes the Thursday before the actual patch day.
      Larry Dignan
      • Manual Updates solve that

        That is exactly why I don't use automatic updates. It really isn't that hard to check for updates manually. You can push them down the network w/o any help from MS.
        The_Quietman
        • I didn't understand.

          What is exactly why you update manually? The blogger not having the date? You obviously know it's the second Tuesday of each month, but they have been known to push out something in between on a few occasions.

          For any networks at sites I'm involved, they just use the free WSUS and it works fine. The control of what goes out and when is quite granular enough to make sure clients are patched on a timely basis. Having the rare security update (no service packs etc., only critical patches get pushed out) cause an issue with your clients is better than one bot loose on the network.

          At home I manually update. I don't like the way autoupdates work when not controlled by WSUS.
          xuniL_z
          • Manual Update?

            Dear ALL,
            How is a manual update done?

            David
            dssempiir@...
  • RE: Microsoft previews 12 security bulletins, 7 'critical'; Excel f

    Gadzooks! It seems like only yesterday that Microsoft told us Vista would be orders of magnitude more secure than their previous operating systems, and they were generally believed - or at least given the benefit of the doubt. Today, 7 remote code execution holes are officially acknowledged.

    Aside from botnet trojans, browser hijacks, a safe haven for spyware, "forced upgrades" that add nothing but cost to already expensive software, what exactly does Microsoft have to offer? Oh yeah - a fairly decent gaming box!

    The only reliable security patch for Internet Explorer is Mozilla Firefox (with honorable mention to Opera). The only reliable security patch for Microsoft Office is Open Office + Mozilla Thunderbird (with honorable mention to Pegasus Mail). Impractical? Maybe not - the entire government of Israel from Prime Minister to dog catchers uses Open Office. The French national police force liked Open Office so much that it led them to go all the way - they just announced that they are switching over to Linux.

    A skilled administrator who refuses to permit Microsoft application software to talk to the public Internet in any way, can configure a Microsoft operating system to be acceptably stable and secure: Until or unless users start moving MS Office documents back and forth from their uncontrolled home machines, that is. "Typical users" and corporate environments where non-IT management calls the shots simply have no chance.
    aomuwidj@...
    • Shhh!!! You're Not Supposed To Remember What Was Promised With Vista

      You're supposed to assimilate and accept and not question the great authority known as Microsuck.
      itanalyst
    • My similar experience with LINUX

      I had a LINUX box and it seemed like there were multiple security patches every day. I'm sure this wasn't the case but it definitely seemed more frequent.

      I have run Linux
      Mac OS X
      Windows (most versions) but lately XP and Vista

      I have kids who play their games on the Vista machine and go online. The difference between Vista and XP has been that I spend much less time having to maintain the computer with Vista. It has gone for months at a time without me having to fool around with it. Everyone runs in user mode.

      Mac OSX we patched once and then I had to spend the next few hours reinstalling the OS.

      Quite frankly I don't find any OS dramatically superior to others I have had problems with all of them.

      Linux - wouldn't work with the wireless gear I tried, stuff that worked great in Windows. And I tried all the various approaches. I was too cheap to go buy hardware specifically known to work with Linux. The user experience was ok but just ok. Getting hardware to work with it without editing tons of config files was a pain.

      MacOSX I have had problems too. Three re-installations of the OS after failure to boot with kernel panics.
      DevGuy_z
      • every OS...

        sux from AppleDOS to linu, linu, linux....
        0g69
      • Linux patches

        DevGuy_z wrote:

        "I had a LINUX box and it seemed like there were multiple security patches every day."

        Patches come out frequently for linux software, but only a fraction of them are usually security related. Besides, wouldn't you rather have vulnerabilities patched early, instead of waiting a month or more for a fix? Especially since you only need to reboot if the kernel is affected.
        JDThompson
  • Shock to see Creative Labs audigy driver Vista

    I had to reinstall Vista today and was shocked to see Creative Labs drivers for my Audigy card on Windows Update site.

    I guess that's an improvement.
    Randalllind