Security Advisor
4 'Critical' Bulletins Set for Microsoft's September Patch
Microsoft announced today that its September Security Update will include 14 bulletin items -- four rated "critical" and 10 "important."
With eight fixing remote code execution flaws, three elevation of privilege fixes, two denial of service bulletins and an information disclosure fix, next Tuesday looks to be a busy one for IT.
When prepping your own battle plan for the patch release, a pair of bulletins should be the first action taken, depending on your IT expertise, according to Wolfgang Kandek, CTO of security firm Qualys, Inc.
"Bulletin #2 should be high priority for your desktop security team; it addresses a flaw in Microsoft Office that can be triggered simply by previewing an e-mail in Outlook, even without explicitly opening the e-mail. Outlook in Office 2007 and 2010 is affected," said Kandek in an e-mailed response.
As for IT server teams, Kandek said they should focus on the first bulletin as soon as possible, as it concerns SharePoint Servers.
The remaining two critical items include a fix for Internet Explorer (versions 6 through 10) and a flaw correction in Windows XP and Windows Server 2003. With only seven more patch cycles left before XP loses support and 22 cycles left before Windows Server 2003's end of support, look for Microsoft to regularly feature fixes for both in the coming months.
Look for our in-depth look at this month's Microsoft Security Update to arrive with the patch release on Tuesday.