Microsoft patches 22 flaws
Microsoft is to patch 22 flaws across its software next week, but isn’t issuing a fix for a cross-site scripting flaw in its Windows OS uncovered last week.
While Microsoft is fixing a zero-day IE flaw discovered in December, it’s not patching the more recent bug, which could let attackers take control of any version of Windows by targeting MHTML in certain types of documents. It has offered a workaround, available here.
Of the 12 patches that are being released to cover the 22 flaws, three are critical and nine rated important, across Microsoft Windows, Internet Explorer, Office, Visual Studio, and IIS.
“As part of this month’s update, we’ll be addressing issues related to two recent Security Advisories, a public vulnerability affecting the Windows Graphics Rendering Engine, and a public vulnerability affecting Internet Explorer,” noted communications manager Angela Gunn, on the Microsoft security blog.
“Additionally, we will be addressing an issue affecting FTP service in IIS 7.0 and 7.5,” she said.
Microsoft will release the patches, as usual, on Tuesday.