News

Microsoft's February Patch Tuesday outlines five critical vulnerabilities

As previewed, Microsoft has released 12 security bulletins addressing 22 vulnerabilities in its monthly security update for February.

Five of the vulnerabilities are designated critical and should be patched as soon as possible. Affected software includes Internet Explorer, Office and Windows.

The update includes patches for three zero-day vulnerabilities related to Internet Explorer Cascading Style Sheets (CSS), Windows thumbnail images and an IIS FTP flaw that could allow remote code execution.

But the zero-day patches come as HP/TippingPoint's Zero Day Initiative (ZDI) discloses five new ones. Four of these affect Excel and one affects PowerPoint.

These vulnerabilities were made public before the patches were actually available because the advisory had been in the vendor's hand for longer than 180 days, said Wolfgang Kandek, chief technology officer at security firm Qualys.

The vulnerability broker has opened a total of 22 zero-day vulnerabilities. There is one each for EMC, Novell, CA, SCO; eight for IBM in Domino and Lotus Notes; and four for ZDI's parent company, HP.

"We will be watching to see how quickly the vendors, including CA, EMC, HP and IBM, will react," said Kandek in a blog post.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy