Microsoft plans six patches next week, ties November record
'Bulletin 3' affects nearly every version of Windows
Computerworld - Microsoft today said it will deliver six security updates Tuesday, less than half the number it issued last month, to fix flaws in Windows and Office.
The updates will patch a total of 15 separate vulnerabilities, Microsoft said in a follow-up entry to its security response center's blog.
"Six is the lucky number this month," said Andrew Storms, director of security operations at nCircle Network Security. "Really, anything less than 13 is a lucky number."
Last month, Microsoft released 13 updates that patched 34 vulnerabilities, both records since the company started shipping monthly updates more than six years ago.
The six slated for next week, however, tie the record for the most issued in November, traditionally a light month for Microsoft updates. In November 2006, the company also delivered a half-dozen security updates. In 2007 and 2008, however, it shipped just two each year in November, while it released only one in 2005.
Of the half-dozen updates, Microsoft tagged three as "critical," the highest severity rating in its four-step scoring system, while the remaining trio were labeled "important," the next-lowest ranking. Four of the six affect one or more editions of Windows or Windows Server; the other two will patch Office, specifically Word and Excel.
Because there are no outstanding Microsoft-generated security advisories, Storms was at a loss about what next week's updates might fix. "But Bulletin 1 looks interesting," he said, noting that the critical update would patch only Vista and Server 2008. "Historically, you would expect a Vista patch to also affect XP, and maybe even Windows 7," Storms explained.
None of Tuesday's updates will affect Windows 7, Microsoft's just-released operating system, or the also-new Windows Server 2008 R2, the companion server software. Last month, Microsoft released the first patches for Windows 7's final code.
"There aren't any Windows 7 patches at all," Storms said. "So, so far so good." Windows 7 will be worth watching, however. "It will be more interesting down the road to see if Microsoft disclosed bugs they found in Windows 7, and fixed during development, but are just now going back and fixing in the older OSes."
Another update to watch carefully next week is the one Microsoft named "Bulletin 3" in its advance notification, the monthly forewarning that includes only the barest of details.
That update, also rated critical, affects everything version from the aged Windows 2000 to Vista and Server 2008. "I think No. 3 is the big one to watch next week," said Storms.
Another researcher agreed. "Our sources unanimously suggest that Bulletin 3 will be the issue that needs to be addressed first this month," echoed Sheldon Malm, senior director of security strategy at Rapid7, in an e-mail. "[Users] should take inventory of where Windows versions are within their environments so they can plan testing and roll-out of the patch for Bulletin 3 as quickly as possible."
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!