It is the beginning of March and Microsoft just published the Advance Notice for this month’s Patch Tuesday.
We will get seven bulletins next week, affecting all versions of Windows, some Office components and also Mac OS X, through Silverlight and Office. Four of the bulletins carry the highest severity rating of critical.
Bulletin 1 will be on the top of our list next week. It fixes critical vulnerabilities that could be used for machine takeover in all versions of Internet Explorer from 6 to 10, on all platforms including Windows 8 and Windows RT.
Bulletin 2 addresses critical vulnerabilities in Microsoft Silverlight, both on Windows and Mac OS X, and is widely installed at least on end-user workstations to run media applications, for example Netflix.
Bulletin 3 is a vulnerability in Visio and the Microsoft Office Filter Pack. It is puzzling to see such a high rating for this software that typically requires opening of an infected file in order for the attack to work. It will be interesting to see the attack vector for this vulnerability that warrants the critical rating.
The last critical bulletin is for Sharepoint server.
The three remaining bulletins are all rated “important” and apply to OneNote, Office 2010 for Mac and Windows itself.
Author: Wolfgang Kandek, CTO, Qualys.