Microsoft said in a post on the Technet Web site that it plans to release seven security bulletins on Tuesday, fixing eight security holes in a variety of products. Among them will be a fix for a new class of software vulnerability – the “Security Feature Bypass,” which could be used by attackers to make other exploits more potent, Microsoft said.
In a post on the company’s Security Response Center blog, the company indicated that its Tuesday, January 10, patch release would include seven bulletins, with one rated “critical,” meaning it could be used to aid in the propagation of an Internet worm, and six rated “important.” The security fixes affect all supported versions of Microsoft’s Windows operating system and its Developer Tools and Software, the company said.
Among the fixes is one, identified for now as “Bulletin 2” that Microsoft says is a new class of vulnerabilities that it terms “Security Feature Bypass,” which the company says could facilitate the use of another exploit.
In December, Microsoft issued 13 security bulletins, including a previously unknown vulnerability used by the Duqu malware.