Microsoft slates hefty Patch Tuesday, to fix 34 flaws next week
Second-biggest collection this year includes first critical vulnerability in IE9
Computerworld - Microsoft today said it will issue 16 security updates next week to patch 34 vulnerabilities in Windows, Internet Explorer (IE), Office, SQL Server and other products.
"It's the usual mishmash for an even-numbered month," said Andrew Storms, director of security operations at nCircle Security. "But to some degree, we expected a big month. And they stayed true to form."
Microsoft typically releases a larger number of updates in even-numbered months, and fewer in odd-numbered months. In May, for instance, Microsoft shipped just two updates -- the company called them "bulletins" -- to patch only three vulnerabilities.
Of the 16 updates, nine will be rated "critical," the highest threat label in Microsoft's four-step scoring system, while the remaining seven will be marked "important," the second-most-dire ranking.
Next week's Patch Tuesday bulletin count will be the second-largest this year, following April's collection of 17 updates, but beating February's total of 12.
The number of bugs Microsoft plans to quash will also be the second-highest in 2011: Microsoft fixed a record 64 flaws in its software portfolio two months ago.
The company also regularly updates IE on even-numbered months, and will patch its browser next week in two separate bulletins, an unusual move. Both IE updates were labeled critical.
All versions of IE will receive one of the updates, including IE9, the newest edition, while the second IE bulletin will affect only IE8 and older versions.
Next Tuesday's IE9 update will be the browser's first since the browser debuted in mid-March, as well as the first pegged critical.
"So, basically it had a critical bug the day it shipped," said Storms.
Storms was referring to Microsoft's testing process, which usually lasts two months or more. That timeline would have precluded an IE9 patch in April, the first update scheduled after the browser shipped.
Beyond the two updates that affect IE, 10 target Windows, two will address bugs in Office -- the Excel spreadsheet and InfoPath, Office's form maker, will receive fixes -- one will patch the Forefront security client, and another will update the .Net and Silverlight platforms bundled with Windows.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!