Only Two Bugs to Squash for March 'Patch Tuesday'

"Patch Tuesday" is looking like an easy time for systems administrators and PC support engineers when Microsoft releases its latest batch of bug fixes to the world next week.

Microsoft released its advance notice for next week's "Patch Tuesday" bug fixes and, for a change, system administrators should have a fairly peaceful week, since there are only two bugs ranked as "important" to patch this time around.

In order to make life a little easier for system managers, Microsoft (NASDAQ: MSFT) releases all, or most, of its monthly bug fixes on the second Tuesday of the month -- thus, it's called "Patch Tuesday."

To give those managers some warning as to how much time and resources to dedicate to patching Microsoft bugs each month, the company releases an advance notification regarding how many patches and their severity on the Thursday prior.

However, the company only gives out minimal information in advance of the actual release of the Security Bulletins that contain that the patches -- and a more detailed explanation of any vulnerabilities.

Last month, Microsoft ended up patching a slew of security holes, a total of 13 patches for 26 separate bugs.

The two patches coming next week both rank as "important," the second-highest rating in Microsoft's four-tier severity ranking system.

The first patch will fix a problem in Windows XP, Windows Vista, and Windows 7. The other affects Office XP, Office 2003, and Office 2007, as well as Office 2004 and 2008 for the Mac.

According to at least one security firm, this month's Patch Tuesday patches will not fix a VBScript vulnerability that can let a booby-trapped script take over a PC through Windows Help files.

"Although this issue won't be addressed by next week's monthly patches, a workaround will be provided. Of note, Microsoft has said they don't think it's a big issue, but only time will tell," Paul Henry, a security and forensic analyst at Lumension, said in an e-mail.

The two patches that will be released, however, mean a light workload this time around according to Henry as well as another security expert.

"No need to rush home from RSA [the RSA Conference taking place this week in San Francisco], since it is a pretty slow month in terms of Microsoft's Patch Tuesday," Josh Abraham, a security researcher at Rapid7, said in an e-mail.

Stuart J. Johnston is a contributing writer at InternetNews.com, the news service of Internet.com, the network for technology professionals.




Tags: security, Microsoft, bugs, Patch Tuesday, Security Advisory


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.