Patch Tuesday: 'Critical' Fixes for IE, Office

Microsoft is reportedly planning to release seven security fixes as part of its monthly Patch Tuesday update. The update includes fixes for four "critical" security flaws.

The March Patch Tuesday's seven fixes, four of which are marked "critical" -- Microsoft's highest security rating -- represents a decrease from February Patch Tuesday, when Microsoft issued roughly a dozen fixes designed to address almost sixty vulnerabilities.

Internet Explorer Vulnerable to Drive-By Attacks

Nevertheless, there are some important fixes for Microsoft users this time around. The most important is being called "Bulletin 1," and affects almost every version of Microsoft's popular Internet Explorer (IE) web browser.

Only the recently-released version of IE10 for Windows 7 does not need to be updated. The Windows 8 version of the browser is reportedly vulnerable. (Source: computerworld.com)

So, what's the problem? According to reports, the flaw could allow hackers to launch drive-by download attacks against users tricked into visiting a malicious website.

"Microsoft patched IE every month since November 2012, so it shouldn't surprise anyone that they're going to patch it again this month," noted nCircle security expert, Andrew Storms.

"Microsoft is clearly delivering on their commitment to release more frequent IE patches. They're never going to get the IE bug backlog down to zero, but you have to admire their determination to try." (Source: scmagazine.com)

Office Programs Also Vulnerable

Microsoft Visio, one of the lesser-known members of the Office software family, is also getting a "critical" fix. OneNote, an Office program that allows users to create keyword-searchable notebooks, will also get updated.

Unfortunately, little is known about the issues affecting these programs.

This month's Patch Tuesday is light on updates for Microsoft operating systems, though an update marked "important" will address a flaw in Windows RT, the operating system designed with mobile devices (like tablet computers) in mind.

It's not yet clear what issue the fix will address.

Microsoft is expected to release its security updates on Tuesday, March 12, at 1pm.