The bulletins -- to be released Tuesday -- address vulnerabilities in Windows; Internet Explorer (IE); Project, part of Office; and VBScript and JScript, two scripting languages supported by Microsoft, according to the software giant's advance notification advisory.
Andrew Storms, director of security operations at nCircle, a network security firm, told SCMagazineUS.com on Thursday that administrators should pay most attention to Bulletin 2.
"It's 'critical' for every Windows operating system, including 2008," he said. "It's going to be first on the list [to patch], absolutely."
The scripting vulnerabilities will be covered by a patch that was apparently withheld from the February round of bulletins after originally being slated for release, Storms said.
"There's a bunch of eyes on this one because the information was out there that there was a vulnerability in it," he said. "It will be interesting to see just how critical it is."
Storms also mentioned two patches that cover IE holes, which are representative of the current threat landscape.
"Client-side vulnerabilities, that's really where the attack target is the majority of the time these days," he said.
The five security bulletins are considered critical because they address vulnerabilities that could be exploited to execute remote code.
Microsoft also plans to push out three bulletins for flaws labeled important. Those cover issues in Windows and Visio.
Patch Tuesday this month coincides with the annual RSA Conference in San Francisco, so the update is sure to be a topic of conversation next week, Storms said.
"All the security minds from all walks of business will be in the same place at once," he said.
See original article on scmagazineus.com
Microsoft to deliver eight patches, five "critical"
By Dan Kaplan on Apr 4, 2008 10:03AM