Just one day before Valentine’s Day, Microsoft plans to release twelve patches fixing a variety of issues in Windows, Office, Visual Studio, and several other applications. At least five of these patches will be rated “critical.”
There could be an easy explanation for the unusually large size of Patch Tuesday this month. Four patches slated for release last month were dropped at the last hour, including a Windows-Visual Studio update that appeared in the advanced notification but never appeared.
If all patches were delivered as expected, it would tie a record for most patches issued in a single month. The last time Microsoft issued this many patches was in August 2006, when ten patches fixed Windows issues, and another two fixed Office problems.
It is fairly likely that one of the Office updates will fix holes now being exploited by a range of zero-day attacks, most of which have appeared since December of last year. At least four unpatched issues exist, according to security researchers.
However, not all of them would be fixed, unless they are bundled into a single patch – only two fixes for Office are due, of which the highest rating would be “critical,” and another for both Windows and Office, which has been rated “important.”
Most of the patches will come for Windows — five in total – with at least one being rated “critical.” It is possible that the first confirmed flaw in Windows Vista could be fixed, which involves a memory buffer issue in the Win32 library.
BetaNews tests have shown the issue to also affect XP and older versions of Windows.
Of the rest of the patches, one each is expected for the following: an important patch for Windows and Visual Studio; an important patch for Step-by-Step Interactive Training; a critical patch for Microsoft Data Access Components; and a critical patch concern the company’s OneCare, Antigen, Windows Defender, and Forefront security tools.
As is standard practice, Microsoft has not released any details of the issues to be fixed by Tuesday’s release.