Security Advisor

Another Light Patch Tuesday: Calm Before the Storm?

Have two small security updates in a row put you in a state of complacency?

When I saw Microsoft's puny patch rollout last month (no "critical" items and only two "important" items), I figured that Microsoft's security team was taking it easy, getting all its summer vacation time out of the way before the October launch craziness. And I would have expected that the last Patch Tuesday before Windows 8 descends upon us would be packed to the brim with RCE fixes for Windows, Internet Explorer cumulative security bulletins and hole patches for all products featuring the Microsoft name.

I couldn't have been more wrong.

Microsoft followed up its light offering with yet another small security update -- this time there was one critical bulletin item and six important items.

The lone critical update fixes an RCE flaw in Office that could lead to your system getting jacked if a malicious RTF file is previewed or opened. But don't act too hastily; the vulnerability hasn't been figured out by attackers yet. So do your due diligence when testing. However, attackers won't be in the dark for too long, so taking your time with testing doesn't mean this can sit on the back burner for a while.

Just because Microsoft didn't want us to feel spoiled with a light workload, this month's patch also comes with two security advisories. The first is for that RCE certificate length change I've been nagging you about for the past few months. The big news this time around is that your option to download the update is no longer an option -- it is now mandatory. If you have automatic updating on, chances are you've already got it.

As for the second advisory, Microsoft found a flaw where its digital certificates were flying out the door without the correct timestamps. Flaw found and fixed. End of story.

What do you expect for November's Patch Tuesday? Are we going to be in for a colossally huge security update? Or will Microsoft, once again, take it easy on us? And what do you think is the over/under on Windows 8 getting a fix so soon after its arrival? Let me know in the comments below.

About the Author

Chris Paoli is the site producer for and

