Microsoft plans six patches next week, ties November record
'Bulletin 3' affects nearly every version of Windows
Computerworld - Microsoft today said it will deliver six security updates Tuesday, less than half the number it issued last month, to fix flaws in Windows and Office.
The updates will patch a total of 15 separate vulnerabilities, Microsoft said in a follow-up entry to its security response center's blog.
"Six is the lucky number this month," said Andrew Storms, director of security operations at nCircle Network Security. "Really, anything less than 13 is a lucky number."
Last month, Microsoft released 13 updates that patched 34 vulnerabilities, both records since the company started shipping monthly updates more than six years ago.
The six slated for next week, however, tie the record for the most issued in November, traditionally a light month for Microsoft updates. In November 2006, the company also delivered a half-dozen security updates. In 2007 and 2008, however, it shipped just two each year in November, while it released only one in 2005.
Of the half-dozen updates, Microsoft tagged three as "critical," the highest severity rating in its four-step scoring system, while the remaining trio were labeled "important," the next-lowest ranking. Four of the six affect one or more editions of Windows or Windows Server; the other two will patch Office, specifically Word and Excel.
Because there are no outstanding Microsoft-generated security advisories, Storms was at a loss about what next week's updates might fix. "But Bulletin 1 looks interesting," he said, noting that the critical update would patch only Vista and Server 2008. "Historically, you would expect a Vista patch to also affect XP, and maybe even Windows 7," Storms explained.
None of Tuesday's updates will affect Windows 7, Microsoft's just-released operating system, or the also-new Windows Server 2008 R2, the companion server software. Last month, Microsoft released the first patches for Windows 7's final code.
"There aren't any Windows 7 patches at all," Storms said. "So, so far so good." Windows 7 will be worth watching, however. "It will be more interesting down the road to see if Microsoft disclosed bugs they found in Windows 7, and fixed during development, but are just now going back and fixing in the older OSes."
Another update to watch carefully next week is the one Microsoft named "Bulletin 3" in its advance notification, the monthly forewarning that includes only the barest of details.
That update, also rated critical, affects everything version from the aged Windows 2000 to Vista and Server 2008. "I think No. 3 is the big one to watch next week," said Storms.
Another researcher agreed. "Our sources unanimously suggest that Bulletin 3 will be the issue that needs to be addressed first this month," echoed Sheldon Malm, senior director of security strategy at Rapid7, in an e-mail. "[Users] should take inventory of where Windows versions are within their environments so they can plan testing and roll-out of the patch for Bulletin 3 as quickly as possible."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts