February's Patch Tuesday is tomorrow, and, in what's become a pattern over the last few months, a quiet month (two patches in January) is being followed by a busy month, as there are 12 security updates to apply to affected systems.
Not Just Windows, This Time
This month, there are several important pieces of the Microsoft ecosystem other than Windows that get updated
Important Fixes For Corporate Propellorheads and the PCs They Love
Bulletin 1 fixes denial of service (DoS) attacks against Windows 2000 SP4 through Windows Server 2003 SP2 (but not Vista) when using Active Directory on Microsoft Windows (ADAM). Bulletin 3 addresses an elevation of privilege issue with most systems running Internet Information Services (IIS) version 5.x through 7.0 (only versions of Windows XP that use IIS version 6 are immune), while bulletin 4 deals with IIS versions 5.1 and 6.0 against a remote code execution exploit. IIS is an optional component in Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.
Critical Fixes That Hit Close to Home
The majority (7 out of 12) of the vulnerabilities Patch Tuesday addresses this month are rated critical on most Windows versions, and they all revolve remote code execution. Bulletin 5 addresses these vulnerabilities in Windows XP SP2, Windows Server 2003, and Vista, while Bulletin 6 includes Windows 2000 SP4 as well as the others (as well as addressing a vulnerability in MS Office 2004 for MacOS and Visual Basic 6.0 SP6). VBScript 5.6, which is used by all Windows versions from 2000 up (except Vista) is the subject of Bulletin 7. Bulletin 8 deals with Internet Explorer 6 and 7 for all Windows versions from 2000 to Vista.
Fixes Galore for Legacy Office versions
Microsoft knows that lots of us (including me) are still running versions of MS Office prior to 2007, and almost all of the remaining fixes (at varying levels of importance) are aimed at various security flaws in several Microsoft Office components. Bulletin 9 is aimed at various implementations of Microsoft Works 6 file converter in Office 2003 SP2 and SP3, MS Works 8, and MS Works Suite 2005. Bulletin 10 deals with vulnerabilities in Microsoft Office Publisher 2000, 2002, and 2003. Meanwhile, Bulletin 11 covers flaws in Office 2000 SP3, Office XP SP3, and Office 2003 SP2, and Bulletin 12 addresses vulnerabilities in MS Word 2000 SP3, Word 2002 SP3, Word 2003 SP2, and MS Office 2004 for MacOS.
Last But Not Least, Another Vista Update
Bulletin 2 addresses DoS vulnerabilities in Windows Vista.
So, tune in on Tuesday to the February Microsoft Security Bulletin summary for links to all the fixes - or, if you're the patient type, wait until Windows Update or Microsoft Update delivers them over the next few days.