Microsoft gears up for a fat January Patch Tuesday

SOFTWARE PATCH HOUSE Microsoft is readying one of its biggest January Patch Tuesdays to date with seven bulletin updates.

The first updates of the year will be released on 10 January and will span multiple versions of Windows and Microsoft developer tools. The seven bulletins will cover eight vulnerabilities.

The first bulletin is tagged as critical, the highest rating the firm uses, and relates to remote code execution. The remaining bulletins are all rated as important, the second highest rank, two of which also enable remote code execution.

The remaining four bulletins are tagged as security feature bypass, elevation of privilege and information disclosure items. Microsoft's January patch typically contains one or two bulletins.

Wolfgang Kandek, CTO of IT security firm Qualys said, "Bulletin two stands out as it is tagged as 'Security Feature Bypass', which is a new category. Next Tuesday it will be interesting to see, which exact Windows features are involved and how this vulnerability can be used by attackers."

He pointed out that the critical rating for bulletin one can be downgraded to important for Windows 7 and Windows 2008 R2 users, and those releases are not vulnerable to bulletins three and four. µ