Microsoft To Deliver Massive Security Patch on Tuesday

Microsoft today promised that a hefty December security update will arrive next week.

December's massive patch, scheduled to arrive on Tuesday, will seal 2010 as the year with the most vulnerabilities and security updates since the inception of Microsoft's Patch Tuesday event. The bad news for IT pros comes wrapped up in an advance notification, announced today.

Microsoft plans to release an astounding 17 patches this month. Two of the security bulletins are deemed "critical." Next, there will be 14 "important" patches to contend with, followed by a lone "moderate" patch.

"It is enough that IT administrators are addressing the current denial-of-service attacks surrounding WikiLeaks where anyone could very quickly become a target," said Paul Henry, security and forensic analyst at Lumension. "But now organizations also have to address this mid-sized disruptive Patch Tuesday from Microsoft with 17 bulletins, which all do or may require a restart."

Remote code execution (RCE) attacks top the list of considerations in this month's patch, with 10 security bulletins addressing the risk. Other risks targeted in this patch include denial-of-service attacks and elevation-of-privilege concerns. The main products to be patched include Windows, Microsoft Office, SharePoint, Exchange and Internet Explorer.

Critical Fixes
The first critical security bulletin appears to be a cumulative update for IE, the world's most widely used Web browser. The fix affects most versions, including IE 6, 7 and 8.

A cumulative fix for IE may be sorely needed. Verizon researchers recently said they had discovered "a previously undisclosed vulnerability" in the browser that allows attackers to bypass the Protected Mode in both IE 7 and IE 8. Microsoft also faced a holdover issue from last month that was described in this security advisory.

That's two outstanding issues affecting multiple versions of IE. As the year comes to a close, it looks like Redmond will be patching both of those flaws in this wide-ranging security update.

The second and final critical item will be a Windows patch that touches every supported Windows operating system.

Important and Moderate Fixes
The 15 important security bulletins expected next week cover multiple Windows operating systems, but Microsoft will issue patches only for the OSes it still supports.

SharePoint and Office, particularly Microsoft Publisher, are the other software products that will be affected in the important group of security bulletins. Microsoft plans to provide more details on Tuesday.

Meanwhile, the lone moderate patch will deal with Microsoft Exchange.

All patches may require a restart.

Also, Microsoft will be rolling out nonsecurity updates via its Windows Server Update Services (WSUS), Windows Update and Microsoft Update services. Details about those updates can be found here.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
