Microsoft to fix four holes in Windows, Office

Patch Tuesday for March will include a "critical" bulletin affecting Windows and "important" bulletins for Windows and Office.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills

Contrary to last month when Microsoft plugged 22 holes on Patch Tuesday, only four holes will be fixed in the company's monthly security update roundup next week.

There will be three bulletins, one of them rated "critical" for Microsoft Windows and the other two rated "important" and affecting Windows and Office, according to the preview advisory released today.

While they are few in number, they are not to be ignored. They all involve remote code execution, which means an attacker could force code to run on a target's machine and could lead to a complete takeover of the computer.

"The upcoming Patch Tuesday includes a fix for a DLL (dynamic-link library) hijacking vulnerability in the Microsoft Groove application," said HD Moore, chief security officer at Rapid7 and chief architect at Metasploit. "This was one of the hundreds of flaws discovered last year by both Rapid7 and another security firm. I am glad to see that Microsoft is making progress on these vulnerabilities and continuing to fix affected applications."