Sunday 9 November 2014

Microsoft warns of super-sized Patch Tuesday this week

It's getting close to security update time in Redmond yet again, and Microsoft has given notice that Windows and Office users can expect another nice, big pile of fixes on November's Patch Tuesday.
The software giant gave advance notice of no less than 16 security bulletins to be addressed on November 11, five of which have been flagged as "critical." Nine more are marked as "important" and the remaining two are considered "moderate" risks.
"This is the highest bulletin count we have seen from Microsoft this year," Chris Goettel, product manager for IT management firm Shavlik, told El Reg via email. May and August's Patch Tuesdays each featured nine bulletins.
One of November's critical bulletins pertains to all supported versions of Internet Explorer, ranging from IE11 all the way back to IE6 running on Windows Server 2003 SP2. IE patches have become a staple of Patch Tuesday, and if past months are any indication, this bulletin is likely to address multiple vulnerabilities.
The other critical bulletins address bugs in Windows itself, although just how severe the flaws are depends on which version of the OS you're running. No version is completely safe, however – even the Windows 10 Technical Preview will need to be patched.
Four of the five critical bugs are said to allow remote code execution, while the last could allow an attacker to gain administrative privilege on a vulnerable machine. Several of the less-severe flaws allow privilege elevation, as well, while others allow attackers to bypass OS security features.
Some of this month's bulletins are narrowly focused. Bulletin 6 pertains to Microsoft Office 2007 exclusively, for example, while Bulletin 10 affects some components of SharePoint Foundation 2010 SP2 and Bulletin 12 affects Exchange Server 2007, 2010 and 2013.
As usual, the fixes will all be made available via Windows Update, which means they will be applied automatically for most users. Microsoft is encouraging those who have disabled automatic updates to apply them promptly.
In past months, Adobe has also timed an update to its Flash plugin to coincide with Microsoft's patch dump. There's been no word of any such update for this month so far, but if Adobe has fixes up its sleeve, you should plan to apply those on Tuesday, as well.

No comments:

Post a Comment