Microsoft to fix eight Windows and Office holes

Microsoft will have a relatively light Patch Tuesday next week, fixing eight holes with two bulletins, but a fix for a zero-day VBScript vulnerability is still pending.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

March 4, 2010 3:53 p.m. PT

Microsoft will issue two bulletins fixing eight vulnerabilities rated "important" in Windows and Microsoft Office products on Tuesday, the company announced on Thursday.

This represents a light Patch Tuesday, a contrast to last month when the company patched 26 holes with 13 bulletins, including critical vulnerabilities for Windows.

Meanwhile, Microsoft is continuing to monitor the situation with a VBScript vulnerability that was disclosed on Monday, Jerry Bryant, senior security communications manager lead at the company, wrote in a blog post.

Proof-of-concept code has been published on the Internet that exploits that vulnerability, which affects older Windows systems running Internet Explorer. Microsoft suggested several workarounds until it releases a patch, including avoiding pressing the F1 key when prompted by a Web site.