Microsoft plans six patches next week, ties November record
'Bulletin 3' affects nearly every version of Windows
Computerworld - Microsoft today said it will deliver six security updates Tuesday, less than half the number it issued last month, to fix flaws in Windows and Office.
The updates will patch a total of 15 separate vulnerabilities, Microsoft said in a follow-up entry to its security response center's blog.
"Six is the lucky number this month," said Andrew Storms, director of security operations at nCircle Network Security. "Really, anything less than 13 is a lucky number."
Last month, Microsoft released 13 updates that patched 34 vulnerabilities, both records since the company started shipping monthly updates more than six years ago.
The six slated for next week, however, tie the record for the most issued in November, traditionally a light month for Microsoft updates. In November 2006, the company also delivered a half-dozen security updates. In 2007 and 2008, however, it shipped just two each year in November, while it released only one in 2005.
Of the half-dozen updates, Microsoft tagged three as "critical," the highest severity rating in its four-step scoring system, while the remaining trio were labeled "important," the next-lowest ranking. Four of the six affect one or more editions of Windows or Windows Server; the other two will patch Office, specifically Word and Excel.
Because there are no outstanding Microsoft-generated security advisories, Storms was at a loss about what next week's updates might fix. "But Bulletin 1 looks interesting," he said, noting that the critical update would patch only Vista and Server 2008. "Historically, you would expect a Vista patch to also affect XP, and maybe even Windows 7," Storms explained.
None of Tuesday's updates will affect Windows 7, Microsoft's just-released operating system, or the also-new Windows Server 2008 R2, the companion server software. Last month, Microsoft released the first patches for Windows 7's final code.
"There aren't any Windows 7 patches at all," Storms said. "So, so far so good." Windows 7 will be worth watching, however. "It will be more interesting down the road to see if Microsoft disclosed bugs they found in Windows 7, and fixed during development, but are just now going back and fixing in the older OSes."
Another update to watch carefully next week is the one Microsoft named "Bulletin 3" in its advance notification, the monthly forewarning that includes only the barest of details.
That update, also rated critical, affects everything version from the aged Windows 2000 to Vista and Server 2008. "I think No. 3 is the big one to watch next week," said Storms.
Another researcher agreed. "Our sources unanimously suggest that Bulletin 3 will be the issue that needs to be addressed first this month," echoed Sheldon Malm, senior director of security strategy at Rapid7, in an e-mail. "[Users] should take inventory of where Windows versions are within their environments so they can plan testing and roll-out of the patch for Bulletin 3 as quickly as possible."
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!