Microsoft to address 22 flaws in Patch Tuesday updates

In its advance notification, Microsoft said it would issue 12 bulletins, three critical, addressing holes in Windows, Internet Explorer, Office, Visual Studio and IIS.

This Content Component encountered an error

Microsoft will issue 12 bulletins, three critical next week as part of its regularly scheduled Patch Tuesday round of updates, repairing holes across its product line.

In its February Advance Notification, the software giant said it would patch 22 vulnerabilities, addressing issues in Microsoft Windows Internet Explorer, Office, Visual Studio and IIS. The updates are scheduled to be released Feb. 8 at 1 p.m. ET.

Included in the February batch of patches is an update to repair a publicly disclosed vulnerability in its Windows Graphics Rendering Engine, which could be used in drive-by attacks. The flaw is in the way Windows accesses an object to run an application. A malicious thumbnail image can cause the Graphics Rendering Engine to fail. The maintainers of the Metasploit Framework created a module for the zero-day flaw last month, though there have been no reports of ongoing attacks targeting the vulnerability.

Microsoft is also addressing a serious memory bug in Internet Explorer that could be used by attackers to remotely execute malicious files. The flaw is in the Cascading Style Sheet (CSS) function within Internet Explorer surfaced in late December. An automated fix-it was issued and temporarily prevents the recursive loading of CSS stylesheets.

~Robert Westervelt

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close