Microsoft To Plug 22 Security Holes Next Week

Microsoft is to release 12 bulletins to patch some 22 security flaws in its software next week.

The 12 bulletins, of which three are rated ‘critical’ and nine ‘important’, will address issues in Microsoft Windows, Internet Explorer, Office, Visual Studio, and IIS, Microsoft Trustworthy Computing representative Angela Gunn said in a blog post.

"As part of this month's update, we'll be addressing issues related to two recent Security Advisories, a public vulnerability affecting the Windows Graphics Rendering Engine, and a public vulnerability affecting Internet Explorer," Gunn said.

"Additionally, we will be addressing an issue affecting FTP service in IIS 7.0 and 7.5."

Absent from the list of fixes is one for the recently discovered zero-day flaw in Internet Explorer. The bug targets IE’s MHTML protocol and is capable of allowing hackers to run malware scripts within the browser.

Microsoft is currently investigating the bug and has said it will release a fix either as part of its routine monthly patches, or as an out of cycle update. Until the patch is released, the software giant has provided a workaround here.

The patches will be released on Tuesday 9 February at 10:00 am PST.