Patch Tuesday is once again upon us as Microsoft is preparing to push out a bundle of security fixes on March 12. The upcoming release will consist of seven fixes, four of which are deemed critical as they could allow an attacker to execute malicious code on a remote PC by tricking a user into surfing to a compromised website or clicking a phony link in an e-mail.
The first critical update addresses Internet Explorer. It is designed to fix all versions of the browser from IE6 through IE10 on all iterations of Windows starting with XP and including Windows 8 and Windows RT. A separate patch for Silverlight will patch a vulnerability on both Windows and Mac, Microsoft said in a recent security bulletin.
The third critical flaw affects Visio, an Office application, in addition to a separate flaw in the Office Filter Pack. Wolfgang Kandek, chief technology officer of security firm Qualys, said the severity rating of this patch is puzzling as it typically requires opening of an infected file in order for the attack to work. He noted that it will be interesting to see the attack vector for this vulnerability that warrants the critical rating.
The final critical patch addresses a flaw in Microsoft’s Sharepoint server which only affects business clients. The remaining fixes are classified as important which means the holes they fix aren’t serious but should probably be patched anyway. If you have Windows Update set to automatic, critical patches will be installed automatically while important patches must be installed manually.