Microsoft announced last week that it would ship six security updates this week to patch seven different vulnerabilities in Windows as well as a pair of for-developers-only programs. Microsoft also added that only one of the security updates was critical. Patch Tuesday for March of this year sees three more updates and three more patches than the previous year but will also fix fewer bugs than the releases of March ’08, ’09 and ’10.
As I mentioned above, only one of the updates was marked as “critical”, the highest threat ranking Microsoft issues, with four marked as “important” and the final one marked as “moderate”. One of the four important updates, as well as the critical one, will patch bugs that Microsoft has confirmed could be exploited by attackers to compromise PCs and plant malware on victimized computers.
Andrew Storms, Director of Security Operations at nCircle Security, discovered, based on the information disclosed by Microsoft about the updates, that “Bulletin 1″, which is the only critical update, should be the one most users should apply first.
According to Storm, “It’s rare to find a bulletin that transcends all versions of Windows. Either it’s a serious bug in code that was never touched during all the reworks from XP all the way to Windows 7, or what we’ve got here is a bulletin with multiple bugs grouped together. It could be one vulnerability affecting older versions and another for the newer versions.”
Microsoft also noted that Bulletin 3 also affects all versions of Windows, even though the underlying flaw could be used by skilled hackers to obtain additional rights. These “elevation of privilege” vulnerabilities are typically used by hackers along with other exploits to gain more access to a computer or the network it is attached to.
Aside from the four Windows updates, Microsoft also issued bulletins that targeted bugs in Visual Studio 2008 and 2010, as well as in Expression Design. Microsoft released all six updates yesterday at 1 p.m. In addition to Windows, Mozilla announced an update to Firefox 11 yesterday as well.
Source: PC World – March Windows Patches includes One Critical Bug