News

Patch Tuesday To Address Multiple Microsoft Bugs

IT pros can expect a mammoth patch release for the month of October on Tuesday if Microsoft's advance notification is any indication.

In this month's upcoming security patch slate, there will be eight "critical" items and "five" important hotfixes, Microsoft suggests. And it appears Redmond isn't just playing catch up with lingering issues but will cast a wide net. This rollout aims to patch Windows components as well as Microsoft Office, SQL Server, Silverlight, Visio and other Microsoft solutions.

Remote code execution (RCE) exploits are once again the predominant theme. Ten bulletins will have RCE implications. Spoofing, elevation-of-privilege and denial-of-service risks will round out the batch of incursion considerations.

Critical Patches
All of the critical patches will aim at addressing RCE vulnerabilities. The first three critical patches will be Windows hotfixes.

Item No. 1 is expected to touch Vista and Windows Server 2008, while the second critical item will affect every OS except for Windows 7. Critical patch No. 3 will cover every OS except Vista, Windows Server 2008 and Windows 7.

For the fourth critical item, Redmond plans to switch gears. It will be a Windows and Internet Explorer combo fix. This bulletin will address IE versions 5.01 through 8 along with Windows OSes.

The fifth critical item will address every currently supported Windows OS. The sixth item will affect Microsoft Office components sitting mainly on XP operating systems, including Outlook, Visio and Visio Viewer.

The last two critical bulletins will deal with Web, server and developer components. Critical patch No. 7 will apply a fix to Microsoft Silverlight developer tools. The last critical item will be a grab-bag of fixes for Microsoft Report Viewer, SQL Server, Microsoft Forefront, Visual Studio.NET and Visual Studio FoxPro programs.

Important Patches
All of the important fixes will be Windows patches, according to Microsoft. The first and third important patches will address RCE exploits. The second important patch will be designed to thwart spoofing attacks. Important items No. 4 and No. 5 will tackle elevation-of-privilege and denial-of-service vulnerabilities, respectively.

What's common about the five important patches is this: besides being Windows patches, they will all touch Windows 7. 

Four of them affect every OS that's currently supported by Microsoft, plus Windows 7. Important patch No. 5 will cover the same turf except for Windows 2000 Service Pack 4.

Microsoft's October security patch release likely will keep IT pros busy with installation and testing tasks. Moreover, every single hotfix could require a restart. For those wanting more, Microsoft released this knowledgebase article describing nonsecurity and system updates that will come via Windows Server Update Services, Windows Update and Microsoft Update.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Google IDs on Azure Active Directory B2B Service Now at 'General Availability'

    Microsoft announced on Wednesday that users of the Google identity and access service can use their personal log-in IDs with the Azure Active Directory B2B service to access resources as "guests."

  • Top 4 Overlooked Features of a Data Backup Strategy

    When it comes to implementing an airtight backup-and-recovery plan, these are the four must-have features that many enterprises nevertheless tend to forget.

  • Microsoft Bolsters Kubernetes with Azure Confidential Computing

    Microsoft on Tuesday announced various developments concerning the use of Kubernetes, an open source container orchestration solution fostered by Google.

  • Windows Will Have Support for Encrypted DNS

    Microsoft announced this week that the Windows operating system already has support for an encrypted Domain Name System option that promises to add greater privacy protections for Internet connections.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.