News

Microsoft To Release Critical Patches for Vista, XP, Office, IE, Visual Basic

Redmond's February patch release is slated to roll out 12 security fixes -- seven rated "Critical," and five deemed "Important."

IT pros better prepare to have their hands full next week as Redmond's February patch release is slated to roll out 12 security fixes -- seven rated "Critical," and five deemed "Important."

All of the seven critical items, like most patches in recent months, are designed to stave off remote code execution (RCE) bugs. As always, the advance notice isn't gospel as the nature, number and design of all the patches won't be known officially until Tuesday. But the preview is usually a pretty good indication of what's to come.

The first critical issue affects all Windows OS versions with the exception of Windows 2000 Service Pack 4.

Critical patch number two will be for Windows, Office and Visual Basic programs on all OS versions, though only Windows 2000 SP4, and all editions of XP and Vista were labeled as "critical."

The third critical item is another Windows fix specifically dealing with exploits that would affect VBScript and Jscript language parameters on all OS versions but Vista. VBScript and Jscript are used mainly by Web developers working with Internet Explorer.

Speaking of IE, the popular browser is what the fourth bulletin in the critical group will mostly address. This fix is supposed to patch the system to prevent the intrusion of RCE-based bugs in all versions of IE up to and including IE7 for Vista.

The remaining three critical patches deal succinctly with MS Office Publisher versions 2000 to 2003, the whole Office suite of applications in Office 2000 SP3; and Microsoft Word 2000 SP3 respectively.

Meanwhile, the patches Redmond believes to be "important," deal with a more diverse scope of hacker risks. The five fixes are comprised of two Denial of Service attack plugs, one Elevation of Privilege risk, and two RCE considerations to round out the group.

The first important fix will affect all OS versions and their accompanying Active Directory Programs while Vista will not be affected. Conversely, the second item only affects Vista.

The third item, meanwhile, deals with elevation of privilege considerations in all Windows OS releases as well as OS components such as MS Internet Information Services 5.0 and 6.0. Bulletin four, in the important group is likely a complement to the previous patch as it deals with IIS versions 5.1 and 6.0.

The last important fix for February's release is designed to address RCE exploits in all supported versions of Microsoft Works.

Of the 12 total patches, seven items will require restarts.

In addition to the large number of security patches compared to last month, Microsoft will also release seven non-security, high-priority updates on Microsoft Update and Windows Server Update Services, including its previously announced push of IE7.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.