Microsoft will issue five bulletins on next week’s Patch Tuesday, including two patches rated as critical.
The two critical patches are for remote code execution flaws in Windows and Microsoft Security Software, while important patches will be issued for vulnerabilities in Windows and the .NET framework.
Commenting, Wolfgang Kandek, CTO of Qualys, said that for the second consecutive month, there is no update to Internet Explorer, but one will be expected before the PWN2OWN competition in March.
He said: “Bulletin number one directly addresses a flaw in the Windows operating system and applies to both clients and servers, Windows 7, 2008, 8 and RT. But Windows XP and Vista are not affected.
“Bulletin number two is on the server side only for Microsoft’s Forefront Security product, which is an anti-spam and anti-malware tool for Microsoft Exchange Server. Bulletins three and four are local vulnerabilities for all versions of Windows, and address an elevation of privilege and an information disclosure vulnerability respectively. Bulletin number five addresses a denial-of-service condition in Windows 8.”
