Microsoft slates IE bug fix for next week
Will patch 23 vulnerabilities in Windows, its browser and other software
Computerworld - Microsoft today said it will ship eight security updates next week to patch 23 vulnerabilities in Windows, Internet Explorer (IE) and several other products in its portfolio.
The company sketched out the upcoming patches in an advance notice of Patch Tuesday's line-up.
Two of the eight updates, which Microsoft refers to as "bulletins," will be rated "critical," the most-serious threat ranking in its scoring system. The remaining six will be labeled "important," the next-most-severe tag. Most of the bulletins, including four of the six pegged as important, are to patch vulnerabilities that attackers could exploit to execute malicious code, and potentially commandeer the computer, the company acknowledged.
Microsoft said that the eight updates will fix 23 security flaws. The company usually delivers a larger number of updates that patch a higher number of vulnerabilities in even-numbered months, leaving a lighter load for odd-numbered months.
In August, for example, Microsoft issued 13 updates that patched 22 vulnerabilities, while in September it delivered five updates that quashed 15 bugs.
This month's tallies were slightly sub-par for an even-numbered month: So far this year, Microsoft has patched an average of 26.2 bugs in those months. In odd-numbered months, Microsoft fixed an average of 9.4 flaws.
"In 2010, the up and down from odd- to even-numbered months was more recognizable," said Andrew Storms, director of security operations at nCircle Security. "This year, the numbers have been flatter lately. They're in the double digits almost every month. So IE is really the difference. We know we get an IE update every other month."
Storms is right: Since July, Microsoft has patched an average of 18.5 vulnerabilities in the odd-numbered months, and 22.5 bugs in the even-numbered months.
The IE update will probably be the one most users should deploy first, said Storms, advice he and other security experts almost always give every other month. That update is one of the two rated critical by Microsoft, and affects all currently supported versions of the browser, including this year's IE9.
"I doubt there will be a story this month from Microsoft about how IE9 is more secure than its other browsers," said Storms, referring to the critical label Microsoft assigned to the new version's update.
The other critical bulletin will patch one or more vulnerabilities in the .Net framework included with every version of Windows, from 2001's XP to 2009's Windows 7. The same update will also plug a hole in the Silverlight 4 development tool.
Marcus Carey, a security researcher with Rapid7, pointed out that the .Net and Silverlight update sounds similar to MS11-039, a critical bulletin Microsoft issued in June.