2 min read

Microsoft Plans 12 Security Fixes Next Week

Patch Tuesday's Valentine edition will include fixes for seven critical and five important vulnerabilities, as well as a Webcast for customer questions.
Microsoft is planning to release 12 security bulletins next week, the company said Thursday.

The latest dozen fixes to Microsoft's software are scheduled for release on Feb. 12. Microsoft plans to hold a Webcast on Feb. 13 to address customer questions.

Microsoft's February Patch Day will offer information about seven critical and five important vulnerabilities. The affected Microsoft software includes Active Directory, ADAM, IIS, Internet Explorer, Jscript, Office, VBScript, Visual Basic, Windows, Works, and Works Suite.

There's something for Mac users, too: Microsoft plans to address a vulnerability in Microsoft Office 2004 for Mac. While the company has not yet said what this vulnerability is, it probably has something to do with the Excel bug that surfaced in mid-January. The company issued a security advisory on Jan. 15 stating that it was investigating reports of a flaw in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac.

The disclosure of the Excel vulnerability led Microsoft and US-CERT, part of the national cybersecurity division at the Department of Homeland Security, to recommend that users of Microsoft Office not open unexpected e-mail messages with attachments or messages from unfamiliar sources.

Microsoft has also been investigating reported vulnerabilities in third-party ActiveX controls. Bill Sisk, security response communications manager for Microsoft, noted in an e-mail that Microsoft last year released a SiteLock Template for developers of ActiveX controls to prevent the controls from being misused by other sites.