also @ TechSpot: Gamers spend more money on iOS than dedicated handhelds

Microsoft to address 22 vulnerabilities next Patch Tuesday

By

On February 4, 2011, 7:30 AM

microsoft, pat
Microsoft has issued an advanced notification for the next Patch Tuesday, which falls on February 8. This month's patch cycle includes 12 security bulletins, three of which are ranked "critical," Microsoft's highest severity rating, while the remaining nine are classified "important." In all, 22 vulnerabilities will be fixed, including several that allow an attacker to gain control of Windows.

Among the addressed flaws is one associated with a CSS function in Internet Explorer that could lead to the execution of arbitrary code by visiting an attacker's web page. Notably absent is a fix for the cross-site scripting vulnerability in MHTML that affects all supported versions of Windows, though Microsoft has provided a workaround (scroll down and expand Mitigating Factors and Suggested Actions for more info):

  • Enable the MHTML protocol lockdown.
  • Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

Virtually all of Microsoft's supported operating systems will receive a patch, from Windows XP SP3 and Server 2003 SP2 through Windows 7 and Server 2008 R2. Internet Explorer 6, 7 and 8 are listed more than once, while affected Office software is limited to Visio 2002, 2003 and 2007. As usual, Microsoft will host a webcast to address customer questions on February 9 at 11AM Pacific. Oh, and nearly all of the bulletins call for a reboot, so heads up on that.


,

5 comments

User Comments: 5

Got something to say? Post a comment
  1. February 4, 2011 7:50 AM
    LightHeart said:

    If only IE had a No Script add-in.

    Reply
  2. February 4, 2011 2:35 PM
    Guest said:

    and for ie9 beta?

    Reply
  3. February 5, 2011 11:43 AM
    fpsgamerJR62 said:

    It would be nice if the next version of Windows didn't require a monthly Patch Tuesday schedule and well as the need to reboot after every major update.

    Reply
  4. February 5, 2011 3:51 PM
    captaincranky
    captaincranky, TechSpot Addict, said:

    If only IE had a No Script add-in.
    Why hold back? It would be nice if there was a version of "No Script" for opera as well.

    Reply
  5. February 7, 2011 3:22 AM
    Guest said:

    Opera does built in, and that doesn't satisfy your needs then you can get the No Script extension.

    Tools - Quick Preferences (F12) > Uncheck Enable java script 

    Simple really, and it's on a site by site basis.

    Or the No Ads, No Script Extension:

    https://addons.opera.com/addons/extensions/details/noads/1.0
    8/?display=en

    Reply

Recently commented stories

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Laptops

Downloads and Drivers

Downloads   Drivers  

J. River Media Center 18.0.187

ComicRack 0.9.169

Ashampoo UnInstaller 5.03

Files Terminator Free 2.5.0.11

Advanced Host Monitor 9.50

More Downloads

Latest Discussion

What game first got you hooked on gaming? 168 replies on Gaming

No monitor signal 62 replies on Audio and Video

Have DOTA 2 keys to give (steam requiered) 7 replies on Gaming

Steam trading zone 113 replies on Gaming

AMD Radeon HD 6550D Driver Issue 5 replies on Device Drivers

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.