Microsoft plans to issue seven security bulletins in the January Patch Tuesday release next week, fixing six vulnerabilities rated important and one rated critical. The bugs affect a variety of products, including Windows XP, Vista, Windows 7, Server 2003 and 2008, and Microsoft Developer Tools and Software.
Just three of the seven bulletins Microsoft will issue on Jan. 10 will fix a vulnerability that could lead to remote code execution. The others can lead to either elevation of privilege or information disclosure. However, Microsoft has said that one bulletin can also lead to “security feature bypass,” a classification that isn’t typically seen in the company’s security bulletins.
“In addition, eagle-eyed readers of the summary page will notice an unusual vulnerability classification, ‘Security Feature Bypass,’ for one of our Important-severity bulletins. SFB-class issues in themselves can’t be leveraged by an attacker; rather, a would-be attacker would use them to facilitate use of another exploit. For those interested in learning more, we expect the SRD blog to publish a detailed analysis of the matter on Tuesday,” Microsoft’s Angela Gunn wrote in a blog post.
The company will release full information on the patches and which vulnerabilities they apply to on Tuesday.