Tick, tock: Windows 8.1 users face patch ban as Microsoft sets next week's updates
Microsoft plans to deliver eight security updates on May 13 for IE, Windows, Office and SharePoint; four are slated for Windows 8.1
Computerworld - Microsoft today said it will issue eight security updates to customers next week that will include fixes for flaws in Internet Explorer (IE), Windows, Office and SharePoint.
Four of the bulletins, including the one targeting IE, affect Windows 8.1, the fall 2013 refresh of Windows 8. However, to receive those four updates, users of Windows 8.1 must have upgraded to Windows 8.1 Update, which Microsoft released just last month.
Of the eight updates, two were tagged "critical," Microsoft's most serious threat rating, and the remaining six were marked "important," the next step down in the firm's four-part scoring system.
May's collection of updates is the largest so far this year: Microsoft issued four updates each in January and April, five each in February and March.
"It's in the range," said Andrew Storms, director of DevOps at CloudPassage, today. "It's not like this is a giant update."
Storms recommended that users apply the IE update as soon as possible. Marked critical, the update will patch one or more vulnerabilities in all still-supported versions of the browser, including IE6, IE7, IE8, IE9, IE10 and IE11, according to Thursday's advance notification of next week's slate.
Although IE6 was retired last month for users of Windows XP, it still receives patches when deployed on Windows Server 2003. The latter does not exit support until July 2015.
No patches will be offered to Windows XP PCs next week, in fitting with Microsoft's standard support lifecycle policy. XP was retired last month, although Microsoft made an exception May 1 when it pushed a single IE patch to the 13-year-old OS, a move that caught most by surprise. At the time, it explained that it gave the IE fix to XP customers because the latter had been retired so recently.
Apparently, a week is the difference between patching and not patching XP.
"Microsoft will include the 'out-of-band' from last week in this month's IE update," said Storms, using the term for the emergency patch Microsoft shipped May 1. "But it wouldn't hurt to double-check."
The other critical update, named "Bulletin 2" in the advanced notice, will apply to SharePoint Server 2007, 2010 and 2013. SharePoint Server has been patched twice already this year -- in both January and April -- as well as in December 2013.
"SharePoint is one of those critical back-end office servers, in the same bucket as Exchange and SQL Server," said Storms. "So it will be important to move gingerly and important to test properly before deploying it."
Storms also remarked on the frequency that SharePoint has been patched. "They've been patching it more than other servers," he said. In 2013, Microsoft issued eight updates for SharePoint Server; in comparison, Exchange Server, Microsoft's email server software, received four updates during the year.
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts