Microsoft to fix eight Windows and Office holes

Microsoft will have a relatively light Patch Tuesday next week, fixing eight holes with two bulletins, but a fix for a zero-day VBScript vulnerability is still pending.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills


Microsoft will issue two bulletins fixing eight vulnerabilities rated "important" in Windows and Microsoft Office products on Tuesday, the company announced on Thursday.

This represents a light Patch Tuesday, a contrast to last month when the company patched 26 holes with 13 bulletins, including critical vulnerabilities for Windows.

Meanwhile, Microsoft is continuing to monitor the situation with a VBScript vulnerability that was disclosed on Monday, Jerry Bryant, senior security communications manager lead at the company, wrote in a blog post.

Proof-of-concept code has been published on the Internet that exploits that vulnerability, which affects older Windows systems running Internet Explorer. Microsoft suggested several workarounds until it releases a patch, including avoiding pressing the F1 key when prompted by a Web site.