Microsoft readying slew of critical updates

After kicking off 2008 with just two security updates in January, Microsoft plans to release one of its largest bundles of patches ever this week.

Twelve security updates are set to be released this week, the software vendor said Thursday in a note on its Web site. Seven of these have been given Microsoft's most serious rating of "critical." The remaining five are rated "important."

The critical updates are for Microsoft's Windows operating system, Internet Explorer and the company's Office software, all of which are frequent targets of hackers. Here's how they break down: Two of the critical updates are for Windows, and there is one update each for Internet Explorer, Office, Office Publisher and Microsoft Word. A critical update is also being readied for the VBScript and JScript scripting languages used by Internet Explorer.

By exploiting vulnerabilities in these applications, attackers could, in theory, run unauthorized software on a victim's PC, Microsoft warns.

The less-severe updates will be for Windows Vista, Active Directory and Microsoft Works. Two important updates are also planned for the Internet Information Services Web server software.

Microsoft releases its security updates on the second Tuesday of each month, a date known as "Patch Tuesday" in IT circles. Last year it released a total of 69 updates, an average of just under six per month, so next week's 12 releases are sure to keep IT administrators busy. (Compare Patch and Vulnerability Management products.)

The IDG News Service is a Network World affiliate.