Microsoft slates hefty Patch Tuesday, to fix 34 flaws next week
Second-biggest collection this year includes first critical vulnerability in IE9
Computerworld - Microsoft today said it will issue 16 security updates next week to patch 34 vulnerabilities in Windows, Internet Explorer (IE), Office, SQL Server and other products.
"It's the usual mishmash for an even-numbered month," said Andrew Storms, director of security operations at nCircle Security. "But to some degree, we expected a big month. And they stayed true to form."
Microsoft typically releases a larger number of updates in even-numbered months, and fewer in odd-numbered months. In May, for instance, Microsoft shipped just two updates -- the company called them "bulletins" -- to patch only three vulnerabilities.
Of the 16 updates, nine will be rated "critical," the highest threat label in Microsoft's four-step scoring system, while the remaining seven will be marked "important," the second-most-dire ranking.
Next week's Patch Tuesday bulletin count will be the second-largest this year, following April's collection of 17 updates, but beating February's total of 12.
The number of bugs Microsoft plans to quash will also be the second-highest in 2011: Microsoft fixed a record 64 flaws in its software portfolio two months ago.
The company also regularly updates IE on even-numbered months, and will patch its browser next week in two separate bulletins, an unusual move. Both IE updates were labeled critical.
All versions of IE will receive one of the updates, including IE9, the newest edition, while the second IE bulletin will affect only IE8 and older versions.
Next Tuesday's IE9 update will be the browser's first since the browser debuted in mid-March, as well as the first pegged critical.
"So, basically it had a critical bug the day it shipped," said Storms.
Storms was referring to Microsoft's testing process, which usually lasts two months or more. That timeline would have precluded an IE9 patch in April, the first update scheduled after the browser shipped.
Beyond the two updates that affect IE, 10 target Windows, two will address bugs in Office -- the Excel spreadsheet and InfoPath, Office's form maker, will receive fixes -- one will patch the Forefront security client, and another will update the .Net and Silverlight platforms bundled with Windows.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts