Microsoft Releases Details Of Tuesday's Security Patch Session

Software giant Microsoft has released an advanced notification on its security bulletin blog which gives details about the upcoming Patch Tuesday security update release, which will contain lightweight fixes covering eight important Windows and Office vulnerabilities.

According to security experts, the two updates will address eight security holes in Windows XP and Office productivity suite, that might allow remote code execution by cyber criminals by tricking users into opening a file containing malicious content.

Microsoft's senior Security Communications Manager Lead, Jerry Bryant, explaining the Patch Tuesday updates in detail, wrote on Microsoft Security Blog that "To provide additional guidance for deployment prioritization, customers should note that both bulletins will address issues that would require a user to open a specially crafted file. There are no network based attack vectors."

However, the company failed to provide a patch for the highly controversial F1 help button vulnerability, which can allow remote code execution by cyber criminals that can trick the user into pressing the F1 help button.

Bryant said that the company was still monitoring the situation and will surely report back with a security patch. He also advised the customers that until a patch is found for the vulnerability, they should turn-off their VBScripts.

Our Comments

Microsoft needs to solve the F1 vulnerability as soon as possible as it is a zero-day one which could be used extensively by cybercriminals over the next few weeks. Just monitoring the situation is not enough to tackle an issue that might become well embarassing very soon.

Related Links

Microsoft readies March Patch Tuesday fixes

(V3)

Microsoft warns of impending patches

(The Inquirer)

Microsoft promises lightweight Patch Tuesday

(PC Pro)

Microsoft to issue two patches for March

(IT Pro)