February Patch Tuesday update gives the gift of security

Instead of jewelry, chocolates, cards and flowers this February, Microsoft will be sending the gift of security.  

The nine not-so-sweet bulletin items include four classified as "critical" and five "important." All four of the critical bulletins will take care of remote code execution flaws for multiple versions of Windows, Microsoft .NET Framework and Microsoft Silverlight. As for the five less-critical items, they will attack both elevation of privilege and remote code execution holes in Windows, Office and Microsoft Server Software.

Related coverage:

Microsoft urges deployment of ASP .NET patches ASAP

While the somewhat large number of bulletins this month is not unusual for February's Security Update, what is out of the ordinary is the fact that Microsoft's OS is getting so much attention. "Their advance notification indicated they plan to release nine bulletins, and 21 CVEs next Tuesday," wrote Andrew Storms, director of security operations for nCircle. "This is very consistent with last year's 'valentine delivery' that included 12 bulletins and 22 CVEs. It's surprising that this month's patch affects almost every Windows operating system -- each OS is affected by five of the eight applicable bulletins."

Storms continues by discussing the reason why this is strange that, included with last month's 7-bulletin release, a large majority of issues are coming from newer Windows OS versions. "That's kind of weird because newer OS versions are generally more secure."

As with every Security Update rollout, IT should prioritize the critical items first, but only apply after adequate testing has been completed.

While Microsoft has not issued any detailed information on the bulletin items, a heads-up on what to expect can be found in the company's Security Bulletin Advance Notification.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected