Tick, tock: Windows 8.1 users face patch ban as Microsoft sets next week's updates
Microsoft plans to deliver eight security updates on May 13 for IE, Windows, Office and SharePoint; four are slated for Windows 8.1
Computerworld - Microsoft today said it will issue eight security updates to customers next week that will include fixes for flaws in Internet Explorer (IE), Windows, Office and SharePoint.
Four of the bulletins, including the one targeting IE, affect Windows 8.1, the fall 2013 refresh of Windows 8. However, to receive those four updates, users of Windows 8.1 must have upgraded to Windows 8.1 Update, which Microsoft released just last month.
Of the eight updates, two were tagged "critical," Microsoft's most serious threat rating, and the remaining six were marked "important," the next step down in the firm's four-part scoring system.
May's collection of updates is the largest so far this year: Microsoft issued four updates each in January and April, five each in February and March.
"It's in the range," said Andrew Storms, director of DevOps at CloudPassage, today. "It's not like this is a giant update."
Storms recommended that users apply the IE update as soon as possible. Marked critical, the update will patch one or more vulnerabilities in all still-supported versions of the browser, including IE6, IE7, IE8, IE9, IE10 and IE11, according to Thursday's advance notification of next week's slate.
Although IE6 was retired last month for users of Windows XP, it still receives patches when deployed on Windows Server 2003. The latter does not exit support until July 2015.
No patches will be offered to Windows XP PCs next week, in fitting with Microsoft's standard support lifecycle policy. XP was retired last month, although Microsoft made an exception May 1 when it pushed a single IE patch to the 13-year-old OS, a move that caught most by surprise. At the time, it explained that it gave the IE fix to XP customers because the latter had been retired so recently.
Apparently, a week is the difference between patching and not patching XP.
"Microsoft will include the 'out-of-band' from last week in this month's IE update," said Storms, using the term for the emergency patch Microsoft shipped May 1. "But it wouldn't hurt to double-check."
The other critical update, named "Bulletin 2" in the advanced notice, will apply to SharePoint Server 2007, 2010 and 2013. SharePoint Server has been patched twice already this year -- in both January and April -- as well as in December 2013.
"SharePoint is one of those critical back-end office servers, in the same bucket as Exchange and SQL Server," said Storms. "So it will be important to move gingerly and important to test properly before deploying it."
Storms also remarked on the frequency that SharePoint has been patched. "They've been patching it more than other servers," he said. In 2013, Microsoft issued eight updates for SharePoint Server; in comparison, Exchange Server, Microsoft's email server software, received four updates during the year.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts