Microsoft slates IE, Windows, Office updates for next week
Microsoft announced Thursday it will deliver seven security updates next week, four of them rated “critical,” to patch Internet Explorer (IE), Windows, Office, SharePoint Server and the Silverlight media software.
March’s Patch Tuesday collection will be significantly smaller than last month’s, when Microsoft issued a dozen updates that patched a near-record 57 vulnerabilities.
Microsoft averaged close to eight updates monthly throughout 2012, said Andrew Storms, director of security operations at nCircle Security, and the count thus far this year — 8 in January, 12 in February, 7 in March—is close, with a slightly higher average of 9.
Four of the updates will be ranked critical, Microsoft’s highest threat rating, while the remainder will be labeled “important,” the next step below critical.
The most notable of the seven, pegged today as “Bulletin 1,” will affect all versions of IE, ranging from the 12-year-old IE6 to the just-released IE10 on Windows 8 and Windows RT.
IE10 on Windows 7, which started appearing on PCs powered by that OS just last week, will not be patched, indicating that Microsoft fixed the flaws there on the fly.
“It’s the third month in a row we’ve had an IE update,” observed Storms.
Last July, Microsoft said it would ditch its every-other-month cadence for IE, claiming that it had boosted staff and other resources, and was now able to release an update any month it chose.
Microsoft has issued an IE update in eight of the nine months since then.
Only one of the seven updates will impact Windows; “Bulletin 2,” rated as important, will patch one or more vulnerabilities in all versions except for Windows RT, the limited edition designed for tablets.
Storms noted that although March’s Patch Tuesday slate is light on OS updates, heavy on ones for Microsoft’s applications, it’s common for months to flip and flop between the OS and app categories.
Other updates sketched out by Microsoft’s advance notification today will address critical flaws in Visio, a relatively little-used member of the Office family; Silverlight; and SharePoint Server. Important updates will be issued for OneNote, the note-taking application that Microsoft has been aggressively promoting of late; and Office for Mac 2008 and 2011.
Visio was last patched in August 2012, Silverlight in May 2012 and SharePoint in Dec. 2012.
“This looks like a typical month,” said Storms. “Hopefully, we can take care of these, then go back to fixing or patching or just ripping out Java.”
Microsoft will release next week’s seven security updates on March 12 at approximately 1 p.m. ET.