February looks to be a busy month for Microsoft administrators. According to the latest advanced patch notification, the Redmond-based software company plans to release a dozen security bulletins next Tuesday. The bulletins will fix security flaws in Windows, Internet Explorer (IE), Office, the .NET Framework, and Exchange server. Microsoft rates five of the bulletins as Critical, and the rest as Important.
In the middle of last month, Microsoft released an out-of-cycle IE update to fix a flaw attackers were leveraging in the wild. It appears that update didn’t fix everything in IE since at least two of the upcoming bulletins affect the popular web browser.
As always, we’ll share more about these updates, and the vulnerabilities they correct, next week. You can also expect our IPS signature team to have signatures prepared for any known exploits that Microsoft shares with us. In the meantime, prepare your IT team for a pretty full plate of patches. — Corey Nachreiner, CISSP (@SecAdept)