Microsoft's 'dirty dozen' security patches

Microsoft is to release 12 security patches on Tuesday, 13 February. Several are critical.

This year's second 'Patch Tuesday' includes five patches for Windows, and at least one of them is critical, according to Microsoft.

Two patches for the Microsoft Office suite are also included, again with the most serious being labelled critical.

The rest of the security patches address issues in Microsoft Visual Studio , Step-by-Step Interactive Training, Microsoft Data Access Components , and various security tools such as the Windows Live OneCare package, and its Windows Defender anti-spyware.

At least four of these are also labelled as critical, Microsoft's highest severity rating. Microsoft's definition of a critical update is that it fixes a vulnerability which may be exploited with no, or very little, action by the user.

14 known, un-patched, holes

Microsoft provided no further details on which problems it is fixing, other than that some of the updates may require a system restart.

There are 14 known, but yet to be patched, security holes in various Microsoft products, according to the Internet Storm Center (ISC) , a co-operative monitoring and alert system of cyber threats, which keeps a list of Microsoft bugs that need to be patched. At least five of those affect Microsoft Office, and at least one can be found in Microsoft Visual Studio.

"It'll be great if [Microsoft] fixes the right ones," said Johannes Ullrich, chief technology officer for the ISC, who noted that next week's release will be one of the company's larger security updates.

"Last month, they didn't fix any outstanding Office bugs, and they're high-value targets. It's important to get them fixed," Ullrich said.

The security updates will be available to download manually from Microsoft's website from Tuesday. Automatic updates will be sent out to users' PCs shortly after that.