Security Advisor

Another Light Patch Tuesday: Calm Before the Storm?

Has two small security updates in a row put you in a state of complacency?

When I saw Microsoft's puny patch rollout last month (no "critical" items and only two "important" items), I figured that Microsoft's security team was taking it easy, getting all its summer vacation time out of the way before its October launch craziness. And I would have expected that the last Patch Tuesday before Windows 8 descends upon us would be packed to the brim with RCE fixes for Windows, Internet Explorer cumulative security bulletins and hole patches for all products featuring the Microsoft name.

I couldn't have been more wrong.

Microsoft followed up its light offering with yet another small security update -- this time there was one critical bulletin item and six important items.

The lone critical update fixes an RCE flaw in Office that could lead to your system getting jacked if a malicious RTF file is previewed or opened. But don't act too hastily; the vulnerability hasn't been figured out by attackers yet. So do your due diligence when testing. However, attackers won't be in the dark for too long, so taking your time with testing doesn't mean this can sit on the back burner for a while.

Just because Microsoft didn't want us to feel spoiled with a light workload, this month's patch also comes with two security advisories. The first is for that RCE certificate length change I've been nagging you about for the past few months. The big news this time around is that your option to download the update is no longer an option -- it is now mandatory. If you have automatic updating on, chances are you've already got it.

As for the second advisory, Microsoft found a flaw where its digital certificates were flying out the door without the correct timestamps. Flaw found and fixed. End of story.

What do you expect for November's Patch Tuesday? Are we going to be in for a colossally huge security update? Or will Microsoft, once again, take it easy on us? And what do you think is the over/under on Windows 8 getting a fix so soon after its arrival? Let me know in the comments below.

About the Author

Chris Paoli is the site producer for and

