Microsoft Predicts Tame Patch Tuesday for March
Microsoft published the Microsoft Security Bulletin Advance Notification for March 2010 and there are only two security bulletins predicted for next Tuesday--both rated as Important. Following the nearly record-breaking Patch Tuesday in February, IT administrators will appreciate getting a little bit of a break.
The advance notification discloses little in terms of details, but it does help IT administrators prepare by providing some warning of the number and severity of the security bulletins expected to be released next Tuesday, as well as a general idea of the type of vulnerability and the platforms affected.
The first bulletin predicted for the March Patch Tuesday affects Windows XP, Windows Vista, and Windows 7. According to the advance notification, a successful exploit of the vulnerability could result in an attacker being able to execute malicious code remotely on the target system.
The second security bulletin for next week affects Microsoft Office. The advance notification specifies that Office XP, Office 2003, and Office 2007 for the PC are all affected, as well as Office 2004 and Office 2008 for the Mac operating system.
In addition to the various full versions of Microsoft Office, there are a number of other peripheral applications that are affected. The Open XML File Format Converter for Mac, the Microsoft Excel Viewer, the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and both the 32-bit and 64-bit versions of Microsoft Office SharePoint Server 2007 are impacted as well.
Both the Windows and Office security bulletins are ranked with an aggregate severity rating of Important--meaning that some platforms or configurations may be at lower risk, but taken as a hole the vulnerabilities addressed in the bulletin are considered Important.
Microsoft defines the Important rating as "A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources."
Jerry Bryant, senior security communications manager at Microsoft, stressed in a blog post "To provide additional guidance for deployment prioritization, customers should note that both bulletins will address issues that would require a user to open a specially crafted file. There are no network based attack vectors."
Both security bulletins suggest that a system reboot may be required once the appropriate patches and updates are installed.
After February, next Tuesday's security bulletins from Microsoft should be a proverbial walk in the park. But, it still helps to have a little heads up and be prepared.