Microsoft Puts Out First Monthly Security Bulletin

Microsoft on Wednesday issued the first of its new monthly security bulletins. The first installment is a blockbuster, fixing seven vulnerabilities, five of them critical. Five vulnerabilities involve Windows and two vulnerabilities affect Exchange.

The big group of patches comes less than a week after CEO Steve Ballmer unveiled the new monthly patching program. Previously, Microsoft released security bulletins on Wednesdays, although the software giant often skipped weeks if it had no patches to deliver or released patches on other days of the week if they were urgent enough. Microsoft still reserves the option to release a patch for an especially severe problem at any time.

Official reasons for the new process include a predictable schedule, which helps customers build Microsoft system patching into their regular IT duties, and more time between patches, which gives customers long enough to evaluate, test and install them.

"A major benefit of switching to a monthly release cycle for security patches is that it allows customers to install multiple patches with a single install and single reboot," Microsoft added in a white paper on the new process.

Microsoft seems to be betting that making the process more regular and encouraging users to plan on it every month will give legitimate users an edge against hackers. In many cases, the posting of a Microsoft security bulletin has served as the starting line for a race in which IT departments struggle to get their systems patched as hackers hurry to reverse engineer the vulnerability to create exploits that can be dropped into automated attack tools.

After the initial monthly patch on Wednesday, Microsoft plans to hold future regular patching days on the second Tuesday of every month.

Seven New Vulnerabilities

On the first official release date of Microsoft's new patching process, Microsoft put out seven security bulletins. Microsoft has apparently been saving them up for some time. The software giant last published a security bulletin on its regular Wednesday schedule five weeks ago on Sept. 10. Microsoft did put out a special, urgent cumulative bulletin for Internet Explorer a week and a half ago on Oct. 3, however.

Among the seven bulletins released Wednesday, five dealt with problems in Windows. Four of those were critical problems that could result in an attacker remotely taking control of a user's machine or a server. Another Windows problem that could also allow remote code execution was rated important.

An executive summary of the Windows flaws with links to the individual Windows bulletins and patches was available here.

Microsoft also disclosed two newly discovered flaws in Exchange servers -- one critical, one moderate. Both flaws could result in an attacker gaining control of the server. The summary with links to those security bulletins was available here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

