Patch Tuesday next week will address critical holes in Windows and Office, but not a recent hole in Internet Explorer.
Elinor MillsFormer Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Microsoft will patch 26 holes next week, including critical ones in Windows, one affecting the kernel of 32-bit versions, and several holes in Office, the company said Thursday in a preview of its Patch Tuesday.
Five of the 13 bulletins affect vulnerabilities that could lead to remote code execution and they are rated critical. The bulletins affect Windows 2000, XP, Vista, and Windows 7, as well as Server 2003 and 2008, Office XP, Office 2003 and Office 2004 for Mac, according to the advisory.
"The Office-related bulletins are both rated Important and would require user action to be exploited (usually in the form of convincing a user to open a specially crafted file)," Jerry Bryant, a senior security communications manager at Microsoft, wrote in a blog post. "The vulnerabilities only affect older versions of Office so customers on Office 2007 or Office 2008 for Mac will have no actions this month."
Included in the bulletins will be a fix for a hole in the kernel of 32-bit versions of Windows that Microsoft disclosed two weeks ago, Bryant said.
Meanwhile, Microsoft will not have fixes ready by Tuesday for two other issues--a hole in Internet Explorer that could lead to data leakage and which was disclosed on Wednesday, and a hole in the Server Message Block file-sharing protocol that was disclosed in November.
"We are not aware of any attacks on these vulnerabilities and continue to encourage customers to implement the mitigations and workarounds outlined in the advisories," Bryant wrote.