News

Microsoft To Deliver Massive Security Patch on Tuesday

Microsoft today promised that a hefty December security update will arrive next week.

December's massive patch, scheduled to arrive on Tuesday, will seal 2010 as the year with the most vulnerabilities and security updates since the inception of Microsoft's Patch Tuesday event. The bad news for IT pros comes wrapped up in an advance notification, announced today.

Microsoft plans to release an astounding 17 patches this month. Two of the security bulletins are deemed "critical." Next, there will be 14 "important" patches to contend with, followed by a lone "moderate" patch.

"It is enough that IT administrators are addressing the current denial-of-service attacks surrounding WikiLeaks where anyone could very quickly become a target," said Paul Henry, security and forensic analyst at Lumension. "But now organizations also have to address this mid-sized disruptive Patch Tuesday from Microsoft with 17 bulletins, which all do or may require a restart."

Remote code execution (RCE) attacks top the list of considerations in this month's patch, with 10 security bulletins addressing the risk. Other risks targeted in this patch include denial-of-service attacks and elevation-of-privilege concerns. The main products to be patched include Windows, Microsoft Office, SharePoint, Exchange and Internet Explorer.

Critical Fixes
The first critical security bulletin appears to be a cumulative update for IE, the world's most widely used Web browser. The fix affects most versions, including IE 6, 7 and 8.

A cumulative fix for IE may be sorely needed. Verizon researchers recently said they had discovered "a previously undisclosed vulnerability" in the browser that allows attackers to bypass the Protected Mode in both IE 7 and IE 8. Microsoft also faced a holdover issue from last month that was described in this security advisory.

That's two outstanding issues affecting multiple versions of IE. As the year comes to a close, it looks like Redmond will be patching both of those flaws in this wide-ranging security update.

The second and final critical item will be a Windows patch that touches every supported Windows operating system.

Important and Moderate Fixes
The 15 important security bulletins expected next week describe multiple Windows operating systems, but Microsoft's patch support will only be for OSes it still supports.

SharePoint and Office, particularly Microsoft Publisher, are the other software products that will be affected in the important group of security bulletins. Microsoft plans to provide more details on Tuesday.

Meanwhile, the lone moderate patch will deal with Microsoft Exchange.

All patches may require a restart.

Also, Microsoft will be rolling out nonsecurity updates via its Windows Server Update Services (WSUS), Windows Update and Microsoft Update services. Details about those updates can be found here.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • Mastering Blazor Authentication and Authorization

    At the Visual Studio Live! @ Microsoft HQ developer conference set for August, Rockford Lhotka will explain the ins and outs of authentication across Blazor Server, WebAssembly, and .NET MAUI Hybrid apps, and show how to use identity and claims to customize application behavior through fine-grained authorization.

  • Linear Support Vector Regression from Scratch Using C# with Evolutionary Training

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the linear support vector regression (linear SVR) technique, where the goal is to predict a single numeric value. A linear SVR model uses an unusual error/loss function and cannot be trained using standard simple techniques, and so evolutionary optimization training is used.

  • Low-Code Report Says AI Will Enhance, Not Replace DIY Dev Tools

    Along with replacing software developers and possibly killing humanity, advanced AI is seen by many as a death knell for the do-it-yourself, low-code/no-code tooling industry, but a new report belies that notion.

  • Vibe Coding with Latest Visual Studio Preview

    Microsoft's latest Visual Studio preview facilitates "vibe coding," where developers mainly use GitHub Copilot AI to do all the programming in accordance with spoken or typed instructions.

  • Steve Sanderson Previews AI App Dev: Small Models, Agents and a Blazor Voice Assistant

    Blazor creator Steve Sanderson presented a keynote at the recent NDC London 2025 conference where he previewed the future of .NET application development with smaller AI models and autonomous agents, along with showcasing a new Blazor voice assistant project demonstrating cutting-edge functionality.

Subscribe on YouTube