Microsoft's February Patch Tuesday outlines five critical vulnerabilities


Microsoft's February Patch Tuesday outlines five critical vulnerabilities

Warwick Ashford

As previewed, Microsoft has released 12 security bulletins addressing 22 vulnerabilities in its monthly security update for February.

Five of the vulnerabilities are designated critical and should be patched as soon as possible. Affected software includes Internet Explorer, Office and Windows.

The update includes patches for three zero-day vulnerabilities related to Internet Explorer Cascading Style Sheets (CSS), Windows thumbnail images and an IIS FTP flaw that could allow remote code execution.

But the zero-day patches come as HP/TippingPoint's Zero Day Initiative (ZDI) discloses five new ones. Four of these affect Excel and one affects PowerPoint.

These vulnerabilities were made public before the patches were actually available because the advisory had been in the vendor's hand for longer than 180 days, said Wolfgang Kandek, chief technology officer at security firm Qualys.

The vulnerability broker has opened a total of 22 zero-day vulnerabilities. There is one each for EMC, Novell, CA, SCO; eight for IBM in Domino and Lotus Notes; and four for ZDI's parent company, HP.

"We will be watching to see how quickly the vendors, including CA, EMC, HP and IBM, will react," said Kandek in a blog post.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy