Microsoft planning major security update

February's Patch Tuesday includes 13 updates for 26 vulnerabilities

Microsoft is planning a major Patch Tuesday release next week, with 13 updates for a total of 26 vulnerabilities.

The company said in its Security Bulletin Advance Notification that it will issue fixes for Windows 2000, XP, Vista and Windows 7, as well as Server 2003 and 2008, Office XP, Office 2003 and Office 2004 for Mac.

Jerry Bryant, senior communications manager at Microsoft, urged users to update their systems as soon as the patches are released in order to avoid recurrent problems.

"We encourage customers to upgrade to the latest versions of Windows and Office. As this bulletin release shows, the latest versions are less impacted overall due to the improved security protections built in to these products," he said in a blog post.

Bryant added that security updates would soon cease for some products, and that customers using these versions should "consider upgrading before support for these products end as, once they do, we will no longer provide security updates".

Affected items include Windows XP Service Pack 2 and extended support for Windows 2000, both of which will be retired on 13 July.

The latest Internet Explorer flaw, which was discovered this week, will not be patched, however. Microsoft said that this vulnerability only affects versions of Windows older than Vista in their default configuration, and that there is a fix available so that customers in non-default configurations can protect themselves.

Matthew Walker, regional director for the UK at security firm Lumension, warned that IT departments should prepare for the updates to allow for as little disruption as possible.

"After a light start to the year in terms of patching, Microsoft is issuing a bumper load for IT departments to tackle. Bulletin six appears to be the most disruptive as it is critical across all Microsoft platforms - both server and desktop/laptop," he said.

"Microsoft indicates that a reboot is required, so this patch could impact the availability of key servers and the productivity of IT staff."

Walker added that there is some good news in that Microsoft Office does not have any critical patches, but said that IT departments will need to deploy a large number of patches to all Microsoft computers, many of which will require a forced reboot.

"Therefore, it will be imperative to plan ahead this month on how these patches should be deployed throughout the enterprise to minimise the possibility of widespread disruption," he said.

The patches will be released on 10 February.