Microsoft plans gigantic Patch Tuesday next week
Slates record-tying 34 patches for Windows, IE, Office and SharePoint
Computerworld - Microsoft today said it will deliver 10 security updates next week to patch a record-tying 34 vulnerabilities in Windows, Internet Explorer, Office and SharePoint.
The patches will also quash two bugs that Microsoft acknowledged in February and April.
"I'd actually call this a moderate month," said Andrew Storms, director of security operations at nCircle Security. "Looking at the criticality of the bulletins, and the fact that the number [of bulletins] is low, it doesn't look like a huge month to me."
By the numbers, however, next week's updates will be huge. Although the 10 updates fall short of the record of 13 -- first set in October 2009, then repeated in February 2010 -- Microsoft will fix a total of 34 vulnerabilities, the same number as the current record, also set last October.
Microsoft has been shipping alternating large and small batches of fixes, with the larger-sized updates landing in even-numbered months. In May, for example, the company issued just two bulletins that patched two vulnerabilities. April's collection, meanwhile, amounted to 11 bulletins that fixed 25 flaws.
The monthly advance notification spelled out the patches expected to appear next Tuesday.
Of the 10 updates, Microsoft labeled three as "critical," the highest threat ranking in the company's four-step system. The seven remaining patches have been pegged as "important," the next step down from critical. Two of the three critical updates will address issues in Windows, while the third will tackle Internet Explorer (IE).
All six updates affecting Windows will impact Microsoft's newest operating system, Windows 7. And with one exception -- Windows 2000 and Windows XP will not need Bulletin 9 -- all currently-supported versions of Windows will require all the patches.
"There's no safe harbor this month," said Storms.
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts