Microsoft plans big May patch slate for next week
Schedules seven updates to patch 23 bugs in Windows, Office
Computerworld - Microsoft today said it would ship seven security updates next week, three critical, to patch 23 bugs in Windows, Office and its Silverlight and .Net development platforms.
The number of patches -- nearly two dozen -- is higher than usual for an odd-numbered month; for some time, Microsoft has used an even-odd schedule, patching more vulnerabilities in the even months, when it also regularly updates Internet Explorer.
"May has been a light month, historically, very light," said Andrew Storms, director of security operations at nCircle Security, who tracks the number of patches and updates Microsoft issues each month.
In May 2011, Microsoft shipped two update that patched three vulnerabilities. The year before, it delivered two updates that patched two bugs.
"So, this is a big number," said Storms.
The pace so far this year -- Microsoft's collections during the first five months have included seven, nine, six, six and seven updates -- puts to rest the idea that Microsoft still hews to a wave-and-trough practice.
"Certainly for bulletin count, it looks like a pretty flat line to me," said Storms, using the term "bulletin" -- Microsoft's label -- to describe security updates. "This year, it looks like the up and down pattern has ended."
Wolfgang Kandek, CTO of Qualys, agreed with Storms.
"In prior years we have seen much stronger differences [in the number of updates each month], ranging from 2 to 17," Kandek said in an email. "We are not sure this [flattening] is intended, but it makes the workload much more predictable and is preferable to the more bursty release mode."
Of the seven updates, Microsoft tagged three as "critical," the highest threat ranking in its four-step system, and the other four as "important," the next-most serious score.
Four updates will address vulnerabilities in Windows; four will impact Office, Microsoft's popular application suite; and one will affect the Silverlight development framework. That count exceeds seven because one of updates tackles bugs in all three of those lines.
The large number of Office updates caught Storms' eye: Three of the pending bulletins are Office-only, while one is shared with Windows and Silverlight. The trio of Office-only updates will patch flaws in Word, Excel and Visio. The latter is a little-used commercial diagramming program that's considered part of the Office family.
"There's a heavy lean toward Office here," Storms noted.
Storms pointed his finger at what Microsoft labeled Bulletin 2 as the most likely to rise to the top of the to-do list next week. His reasons: It was pegged critical, impacts virtually every edition of Windows, applies to all currently-supported versions of Office on Windows and also patches one or more bugs in Silverlight.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts