Microsoft To Start New Year With Seven Security Bulletins


Microsoft plans to start the new year with a relatively large number of security bulletins covering eight vulnerabilities.

The company said Thursday it would release seven bulletins Jan. 10, the year's first set of patches that Microsoft releases on the second Tuesday of every month. The number of fixes is much larger than the more typical one or two bulletins in January, Wolfgang Kandek, chief technology officer for security vendor Qualys, said.

Six of the latest bulletins cover the Windows operating system from XP SP3 up to Windows 7 and Windows 2008 R2. The seventh bulletin covers Microsoft developer tools.

One of the bulletins is rated critical and fixes a remote code execution problem in Media Player within Windows.. The rest get the important label. Along with the critical patch, Kandek recommends that companies give equally high priority to two other bulletins that involve remote code execution, which would expose a computer to being commandeered by a hacker.

One bulletin is under a new category called Security Feature Bypass. "It will be interesting to see which exact Windows features are involved and how this vulnerability can be used by attackers," Kandek said on Qualys' blog.

As usual, more of the patches are targeted at older versions of Windows than the new versions of Windows 7 and 2008 R2.

Along with Microsoft, Adobe and Oracle are scheduled to release patches this month. Adobe's release is set for Jan. 10 and Oracle Jan. 17.