Microsoft will release 13 bulletins, 11 of which affect Windows, and two of which address security vulnerabilities in Microsoft Office. Five of them are critical, seven are important, and one is rated moderate. Twenty-six vulnerabilities are addressed in all. Nine of the bulletins address vulnerabilities that enable remote code execution on Windows, including both of the Microsoft Office bulletins. Others address privilege elevation and denial of service issues.
Three of the critical vulnerabilities affect Windows Vista, Windows 7, and Windows Server 2008, including release two of that system. All five of them will affect Windows XP and Windows 2000.
The Microsoft Office bulletins only affect older versions of the suite, meaning that Office 2007 and Office 2008 for Mac users will not have any issues to address this month, Microsoft stated.
Microsoft will not patch the vulnerability in Internet Explorer discussed in its advisory 980088, which could allow files to be harvested from a hard drive if users of the browser are directed to a malicious website.
"We do not have an update for this issue planned for the normal February bulletin release," said Jerry Bryant, senior security communications manager at Microsoft. "However, this vulnerability only affects versions of Windows older than Vista in their default configuration, and there is a 'Fix It' available so customers in non-default configurations can protect themselves."