Patch Tuesday to plug 26 holes in Windows and OfficeBy Matthew DeCarlo
Microsoft plans to issue an extensive update next Tuesday, with 13 security bulletins listed in its advance notification -- most of which are deemed high-priority. The release will tie last October's Patch Tuesday for the most security bulletins issued in a single month.
Five of the bulletins are critical and could lead to remote code execution, seven are important and include vulnerability impacts such as denial of service and elevation of privilege, and one bulletin has a moderate severity rating.
Among the fixes is one for a flaw in the kernel of 32-bit versions of Windows, which Microsoft detailed two weeks ago. Despite the mammoth release there are two noteworthy vulnerability fixes missing: an IE bug that could allow information disclosure, and a hole in the Server Message Block (SMB) protocol.
Affected software spans Windows 2000 to Windows 7, Server 2008 and 2008 R2, as well as Microsoft Office XP, 2003, and Office 2004 for Mac.