Microsoft issued an advanced bulletin notification on Thursday detailing 26 vulnerabilities the company plans to fix on Tuesday February 9.
February's Patch Tuesday will include 13 bulletins - five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities. The huge bumper Patch Tuesday will also include a fix for a 17 year old Windows vulnerability. Eleven of the bulletins affect Windows and the remaining two affect Office. The Office vulnerabilities only affect older versions of Office. Office 2007 and Office 2008 for Mac are unaffected.
Microsoft also confirmed it will not be issuing a patch next Tuesday for a new flaw discovered in Internet Explorer 6, 7 and 8 recently. Jerry Bryant, Sr. Security Communications Manager at Microsoft stated "We do not have an update for this issue planned for the normal February bulletin release. However, this vulnerability only affects versions of windows older than Vista in their default configuration." The new vulnerability affects IE 5.01 and IE 6 on Windows 2000, IE 6 on Windows 2000 SP4 and IE6, IE7 and IE8 on Windows XP and Windows 2003. IE7 and 8 on Windows Vista, Windows 7 and Windows Server 2008 are only affected if a user opts to disable protected mode or, in the case of Windows Server 2003 and 2008, is not running IE in Enhanced Security Configuration.
Microsoft also took the time to remind customers about Windows versions that are reaching the end of their product lifecycle:
- Windows XP Service Pack 2 will no longer be supported as of July 13, 2010. Microsoft recommends upgrading to Service Pack 3 or to Windows 7 as soon as possible.
- Windows Vista RTM will no longer be supported as of April 13, 2010. Service Pack 1 will still be supported until July 12, 2011 but Microsoft recommends customers update to Service Pack 2 or Windows 7.
- Extended support for Windows 2000 will also be retired on July 13, 2010. At that time, Microsoft will no longer provide security or any other updates for Windows 2000.