News

Patch Tuesday To Address Multiple Microsoft Bugs

IT pros can expect a mammoth patch release for the month of October on Tuesday if Microsoft's advance notification is any indication.

In this month's upcoming security patch slate, there will be eight "critical" items and "five" important hotfixes, Microsoft suggests. And it appears Redmond isn't just playing catch up with lingering issues but will cast a wide net. This rollout aims to patch Windows components as well as Microsoft Office, SQL Server, Silverlight, Visio and other Microsoft solutions.

Remote code execution (RCE) exploits are once again the predominant theme. Ten bulletins will have RCE implications. Spoofing, elevation-of-privilege and denial-of-service risks will round out the batch of incursion considerations.

Critical Patches
All of the critical patches will aim at addressing RCE vulnerabilities. The first three critical patches will be Windows hotfixes.

Item No. 1 is expected to touch Vista and Windows Server 2008, while the second critical item will affect every OS except for Windows 7. Critical patch No. 3 will cover every OS except Vista, Windows Server 2008 and Windows 7.

For the fourth critical item, Redmond plans to switch gears. It will be a Windows and Internet Explorer combo fix. This bulletin will address IE versions 5.01 through 8 along with Windows OSes.

The fifth critical item will address every currently supported Windows OS. The sixth item will affect Microsoft Office components sitting mainly on XP operating systems, including Outlook, Visio and Visio Viewer.

The last two critical bulletins will deal with Web, server and developer components. Critical patch No. 7 will apply a fix to Microsoft Silverlight developer tools. The last critical item will be a grab-bag of fixes for Microsoft Report Viewer, SQL Server, Microsoft Forefront, Visual Studio.NET and Visual Studio FoxPro programs.

Important Patches
All of the important fixes will be Windows patches, according to Microsoft. The first and third important patches will address RCE exploits. The second important patch will be designed to thwart spoofing attacks. Important items No. 4 and No. 5 will tackle elevation-of-privilege and denial-of-service vulnerabilities, respectively.

What's common about the five important patches is this: besides being Windows patches, they will all touch Windows 7. 

Four of them affect every OS that's currently supported by Microsoft, plus Windows 7. Important patch No. 5 will cover the same turf except for Windows 2000 Service Pack 4.

Microsoft's October security patch release likely will keep IT pros busy with installation and testing tasks. Moreover, every single hotfix could require a restart. For those wanting more, Microsoft released this knowledgebase article describing nonsecurity and system updates that will come via Windows Server Update Services, Windows Update and Microsoft Update.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • .NET Core Ranks High Among Frameworks in New Dev Survey

    .NET Core placed high in a web-dominated ranking of development frameworks published by CodinGame, which provides a tech hiring platform.

  • Here's a One-Stop Shop for .NET 5 Improvements

    Culled from reams of Microsoft documentation, here's a high-level summary of what's new for performance, networking, diagnostics and more, along with links to the nitty-gritty details for those wanting to dig in more.

  • Azure SQL Database Ranked Among Top 3 Databases of 2020

    Microsoft touted the inclusion of Azure SQL Database among the top three databases of 2020 in a popularity ranking by DB-Engines, which collects and manages information about database management systems, updating its lists monthly.

  • Time Tracker Says VS Code Is No. 1 Editor for Devs, Some Working 15+ Hours Per Day

    WakaTime, which does time tracking for programmers, released data for 2020 showing that Visual Studio Code is by far the top editor/IDE used by its coders, some of whom are hacking away for more than 15 hours per day.

Upcoming Events