Article

Microsoft to address 22 flaws in Patch Tuesday updates

SearchSecurity.com Staff

Microsoft will issue 12 bulletins, three critical next week as part of its regularly scheduled Patch Tuesday round of updates, repairing holes across its product line.

In its February Advance Notification,

    Requires Free Membership to View

the software giant said it would patch 22 vulnerabilities, addressing issues in Microsoft Windows Internet Explorer, Office, Visual Studio and IIS. The updates are scheduled to be released Feb. 8 at 1 p.m. ET.

Included in the February batch of patches is an update to repair a publicly disclosed vulnerability in its Windows Graphics Rendering Engine, which could be used in drive-by attacks. The flaw is in the way Windows accesses an object to run an application. A malicious thumbnail image can cause the Graphics Rendering Engine to fail. The maintainers of the Metasploit Framework created a module for the zero-day flaw last month, though there have been no reports of ongoing attacks targeting the vulnerability.

Microsoft is also addressing a serious memory bug in Internet Explorer that could be used by attackers to remotely execute malicious files. The flaw is in the Cascading Style Sheet (CSS) function within Internet Explorer surfaced in late December. An automated fix-it was issued and temporarily prevents the recursive loading of CSS stylesheets.

~Robert Westervelt


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: