Microsoft will issue nine security bulletins covering 21 flaws this Valentine's Day, marking a medium weight release for IT departments to deal with.
Four of the bulletins have been rated critical and IT managers have been advised to focus on covering those affecting Internet Explorer first.
"There is the expected critical update to Internet Explorer which should be highest priority. After all, we saw last month how quickly attackers are incorporating browser based attacks into their toolkits; an exploit for MS12-004 was detected a mere 15 days after Patch Tuesday," said Wolfgang Kandek, CTO of Qualys, in a blog post.
"There are also two critical fixes for WIndows itself, plus one for the .NET framework that should be prioritised.
"In the important' category, there are three Remote Code Execution vulnerabilities, one of them in Office. Most likely we are looking at file based attacks and at least the Office vulnerability should be included in your first tier of patching."
IT managers running Windows Server 2008 R2 will also want to ensure they take note of the release on 14 February.
For the full advisory from Microsoft, head here.
Last month, Microsoft issued a total of seven bulletins for eight vulnerabilities.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realmWhitepaper A guide for MSPs to unleash modern security
-
Why zero trust strategies failIn-depth Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid
-
Sitecore XP RCE flaw is being actively exploited, ACSC warnsNews The vulnerability was fixed last month but hackers are now moving against patching laggards
