Microsoft To Deliver Massive Security Patch on Tuesday

Microsoft today promised that a hefty December security update will arrive next week.

December's massive patch, scheduled to arrive on Tuesday, will seal 2010 as the year with the most vulnerabilities and security updates since the inception of Microsoft's Patch Tuesday event. The bad news for IT pros comes wrapped up in an advance notification, announced today.

Microsoft plans to release an astounding 17 patches this month. Two of the security bulletins are deemed "critical." Next, there will be 14 "important" patches to contend with, followed by a lone "moderate" patch.

"It is enough that IT administrators are addressing the current denial-of-service attacks surrounding WikiLeaks where anyone could very quickly become a target," said Paul Henry, security and forensic analyst at Lumension. "But now organizations also have to address this mid-sized disruptive Patch Tuesday from Microsoft with 17 bulletins, which all do or may require a restart."

Remote code execution (RCE) attacks top the list of considerations in this month's patch, with 10 security bulletins addressing the risk. Other risks targeted in this patch include denial-of-service attacks and elevation-of-privilege concerns. The main products to be patched include Windows, Microsoft Office, SharePoint, Exchange and Internet Explorer.

Critical Fixes
The first critical security bulletin appears to be a cumulative update for IE, the world's most widely used Web browser. The fix affects most versions, including IE 6, 7 and 8.

A cumulative fix for IE may be sorely needed. Verizon researchers recently said they had discovered "a previously undisclosed vulnerability" in the browser that allows attackers to bypass the Protected Mode in both IE 7 and IE 8. Microsoft also faced a holdover issue from last month that was described in this security advisory.

That's two outstanding issues affecting multiple versions of IE. As the year comes to a close, it looks like Redmond will be patching both of those flaws in this wide-ranging security update.

The second and final critical item will be a Windows patch that touches every supported Windows operating system.

Important and Moderate Fixes
The 15 important security bulletins expected next week cover multiple Windows operating systems, but Microsoft will issue patches only for the OSes it still supports.

SharePoint and Office, particularly Microsoft Publisher, are the other software products that will be affected in the important group of security bulletins. Microsoft plans to provide more details on Tuesday.

Meanwhile, the lone moderate patch will deal with Microsoft Exchange.

All patches may require a restart.

Also, Microsoft will be rolling out nonsecurity updates via its Windows Server Update Services (WSUS), Windows Update and Microsoft Update services. Details about those updates can be found here.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

