News

Patch Tuesday To Address Multiple Microsoft Bugs

IT pros can expect a mammoth patch release for the month of October on Tuesday if Microsoft's advance notification is any indication.

In this month's upcoming security patch slate, there will be eight "critical" items and "five" important hotfixes, Microsoft suggests. And it appears Redmond isn't just playing catch up with lingering issues but will cast a wide net. This rollout aims to patch Windows components as well as Microsoft Office, SQL Server, Silverlight, Visio and other Microsoft solutions.

Remote code execution (RCE) exploits are once again the predominant theme. Ten bulletins will have RCE implications. Spoofing, elevation-of-privilege and denial-of-service risks will round out the batch of incursion considerations.

Critical Patches
All of the critical patches will aim at addressing RCE vulnerabilities. The first three critical patches will be Windows hotfixes.

Item No. 1 is expected to touch Vista and Windows Server 2008, while the second critical item will affect every OS except for Windows 7. Critical patch No. 3 will cover every OS except Vista, Windows Server 2008 and Windows 7.

For the fourth critical item, Redmond plans to switch gears. It will be a Windows and Internet Explorer combo fix. This bulletin will address IE versions 5.01 through 8 along with Windows OSes.

The fifth critical item will address every currently supported Windows OS. The sixth item will affect Microsoft Office components sitting mainly on XP operating systems, including Outlook, Visio and Visio Viewer.

The last two critical bulletins will deal with Web, server and developer components. Critical patch No. 7 will apply a fix to Microsoft Silverlight developer tools. The last critical item will be a grab-bag of fixes for Microsoft Report Viewer, SQL Server, Microsoft Forefront, Visual Studio.NET and Visual Studio FoxPro programs.

Important Patches
All of the important fixes will be Windows patches, according to Microsoft. The first and third important patches will address RCE exploits. The second important patch will be designed to thwart spoofing attacks. Important items No. 4 and No. 5 will tackle elevation-of-privilege and denial-of-service vulnerabilities, respectively.

What's common about the five important patches is this: besides being Windows patches, they will all touch Windows 7. 

Four of them affect every OS that's currently supported by Microsoft, plus Windows 7. Important patch No. 5 will cover the same turf except for Windows 2000 Service Pack 4.

Microsoft's October security patch release likely will keep IT pros busy with installation and testing tasks. Moreover, every single hotfix could require a restart. For those wanting more, Microsoft released this knowledgebase article describing nonsecurity and system updates that will come via Windows Server Update Services, Windows Update and Microsoft Update.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • Low-Coding in the Age of AI: Dataverse Embraces Copilot, Claude and Cursor

    Microsoft is extending Dataverse into coding-agent marketplaces while expanding its MCP tools, certification program and governance controls.

  • Visual Studio Takes Aim at Copilot Billing Shock

    Beyond Copilot usage visibility, the June update delivers several other enhancements centered on AI-assisted development, security and quality-of-life improvements. Here's a quick rundown of the remaining additions announced by Microsoft.

  • Claude AI Gets Yet Another Boost in VS Code 1.128

    The July 8, 2026, Visual Studio Code update expands agent workflows, chat attachments, browser-tab controls, OS-level shortcuts and enterprise telemetry management.

  • TypeScript 7 Arrives to Rock VS Code with Go-Powered Speed

    Microsoft says TypeScript 7, announced July 8, brings native Go performance to VS Code, Visual Studio and other editors.

Subscribe on YouTube