Microsoft has a relatively quiet Patch Tuesday planned for this month, with just six bulletins on the way for next week.
Just one of the bulletins is ‘Critical’, Microsoft’s highest severity rating. Four of the remaining five are rated ‘Important’, while the final bulletin is considered ‘Moderate.’ The most critical bulletin affects Microsoft Windows, which is also impacted by three of the other bulletins as well. The other updates are targeted at Visual Studio and Microsoft Expression Design.
“Organizations will have to reboot after applying the critical patch, which indicates that it is fix for a kernel-level bug,” said Marcus Carey security researcher at Rapid7. “There are two important bulletins that affect the Windows family as well. Bulletin six is labeled as moderate and only affects Windows operating systems post Windows 2003 Server. This means Bulletin six addresses issues which were introduced with Windows Vista.”
Carey speculated that the bulletin aimed at Expression Design is probably related to malicious file formats that could result in a compromise of system running the software.
“The Microsoft Expression Design bulletin will affect a small amount of consumers and organizations because of the limited distribution of the product,” he said.
“Bulletin 1 will be the most important,” noted Wolfgang Kandek, CTO of Qualys. “It is critical rated Remote Code Execution (RCE) and is applicable in all versions of Windows from XP to the latest Win 7 and Server 2008R2.”
In February, Microsoft issued fixes for a total of 21 bugs during Patch Tuesday. This month’s updates will be released March 13.