Patch Tuesday: Microsoft to fix four critical flaws, all versions of IE at risk again

Microsoft will release seven fixes next week for Windows, Internet Explorer and Office, as well as a small handful for Windows Server and Silverlight, to address a number of security vulnerabilities.

The software giant warns that four of the patches will fix 'critical' vulnerabilities.

Three of the four 'critical' flaws affect Windows, Internet Explorer, Office, Windows Server and SharePoint, which could all lead to remote code execution—such as allowing hackers access to install malware without user prompts or permission. The flaws rated 'important' could lead to an elevation of user privileges or the disclosure of user data or personal information.

The most worrying vulnerability affects all versions of Windows XP (Service Pack 3) and above, including Vista, Windows 7 and Windows 8—including tablets running Windows RT—along with all versions of Internet Explorer 6 and above.

A second flaw relates to Silverlight, a popular Web plug-in used in replacement of Flash—often used by Netflix users—will also require patching to address a critical vulnerability that affects both Windows and Apple OS X machines.

The third 'critical' flaw affects Visio, an Office application, as well as a separate flaw in the Office Filter Pack. 

The fourth and final 'critical' update fixes a flaw that would allow an elevation of user privileges in SharePoint, Microsoft's Web-based content management (CMS) and portal service. An elevation of privileges would potentially allow a hacker to access an administrative account even if a user is logged in, granting them access to a far greater spread of system files or networked shares.

The remaining 'important' bulletins also include Mac users running Office for Mac 2008 and 2011. Another flaw that would allow an elevation of privileges in Windows XP SP3 up to Windows 8 will also be stamped out by the updates. OneNote 2010 is also affected by a 'important'-rated vulnerability.

Microsoft doesn't release the full details of the vulnerabilities until patches are made available. 

This should serve as an advisory notice for the upcoming Tuesday, March 12, when the patches are released through the usual update channels.