Microsoft has just released the February Advanced Notification for the upcoming Patch Tuesday.  Microsoft is planning on releasing 12 bulletins addressing 22 vulnerabilities.

Security Bulletin Breakdown:

  • 3 bulletins are rated Critical
  • 9 bulletins are rated Important
  • 5 bulletins address Remote Code Execution vulnerabilities
  • 5 bulletins address Elevation of Privilege vulnerabilities
  • 1 bulletin addresses a Denial of Service vulnerability
  • 1 bulletin addresses an Information Disclosure vulnerability

Affected Software:

  • All supported versions of Internet Explorer
  • All supported versions of the Microsoft Windows operating system
  • Microsoft Visual Studio
  • Microsoft IIS
  • Microsoft Visio XP, 2003 and 2007

This month is deemed as a large bulletin release month, but we are not seeing the numbers that we have been seeing, compared to previous ‘large’ bulletin releases.  The past two "large" patch days have been record breakers:

  • October 2010 - 16
  • December 2010 - 17

Every other month, Microsoft typically releases a cumulative update for Internet Explorer.  With the February patch Tuesday, the MRSC announced the Internet Explorer update will include a fix for a zero-day vulnerability discussed in Security Advisory 2488013.

MSRC announced the zero-day vulnerability discussed in Security Advisory 2490606 will be addressed as well.  Earlier this month, a vulnerability was publicly disclosed affecting the Windows Graphic Rendering Engine.  If you have applied the workaround stated in the Security Advisory, you will need to remember to undo the workaround before you patch your systems.
- Jason Miller