Microsoft is to release six new security bulletins addressing 12 vulnerabilities in Windows, Internet Explorer and Microsoft Office on tomorrow's Patch Tuesday.
Jerry Bryant, security program manager for Microsoft Security Response Center, wrote in the company blog that three of the bulletins have a maximum severity rating of critical and three have a maximum severity rating of important.
Bryant said: “To help customers plan for their deployment of these updates, I want to specifically call out that they touch all supported versions of Windows and IE. On the Office side, the bulletins impact Project, Word and Works 8.5. All of the updates for Windows will require a restart so please plan accordingly.”
A vulnerability addressed in late November in Internet Explorer will also be covered, Bryant said: “We know that customers are concerned about this issue and we are also aware that proof of concept code is available publicly.”
Matthew Walker, regional director UK & Ireland at Lumension, said: “One thing to note – it appears that Microsoft is not issuing a patch for the recently announced TLS flaw that will most likely force updates to all brands of browsers and all SSL/TSL internet servers using SSL/TSL.
“Although organisations will have to wait until Patch Tuesday for confirmation, we are led to believe that Microsoft has chosen not to address this vulnerability in this round of patches. There is controversy in the security community as to the true importance of speeding a fix to market for this flaw, and no widespread exploits have been reported.
“In summary, IT teams should be ready to immediately deploy the upcoming critical Internet Explorer patch to all user machines (Bulletin 4) and to patch all Windows 2008 Servers (Bulletin 1), with Bulletin 4 being the most timely and critical of the two patches.”
Also, Adobe has announced that it is planning to release an update for its Flash Player next week to resolve a number of critical vulnerabilities. An update is to be released for Player 10.0.32.18 and earlier versions, while an update to Adobe AIR 1.5.2 and earlier versions will be released too.