Microsoft to patch critical holes in IE, Office, Silverlight
Next week's Patch Tuesday will see seven security fixes rolled out to fix holes in Internet Explorer, Office 2010, and Microsoft's Silverlight platform.
Windows users will get the usual round of security patches from Microsoft next Tuesday.
Among the seven fixes due to roll out March 12, four are rated critical, which means they address flaws that could let an attacker execute malware on a remote PC by steering a user to a malicious Web site or e-mail link.
The patch for Internet Explorer is designed to shore up all versions from IE6 to IE10 across all iterations of Windows from XP to Windows 8 and RT. The patch for Microsoft's Silverlight, a browser plug-in that can display online videos and other rich content, is geared for both Windows and Mac OS X.
The third critical patch addresses a flaw in Visio and the Microsoft Office Filter Pack. But the severity rating of this patch is a puzzle to Wolfgang Kandek, chief technology officer of security firm Qualys.
"It is puzzling to see such a high rating for this software that typically requires opening of an infected file in order for the attack to work," Kandek said in a blog yesterday. "It will be interesting to see the attack vector for this vulnerability that warrants the 'critical' rating."
The fourth and final critical patch applies to a flaw in Microsoft's Sharepoint server and so affects only business customers. The other three patches are rated as important, which means the holes they address are not as serious, though Microsoft still advises users to install them.
Assuming Windows Update is set to automatic, critical patches are automatically installed. Important patches must be selected by the user in order to be installed.