News

Patch Tuesday To Address Multiple Microsoft Bugs

• By Jabulani Leffall
• 10/08/2009

IT pros can expect a mammoth patch release for the month of October on Tuesday if Microsoft's advance notification is any indication.

In this month's upcoming security patch slate, there will be eight "critical" items and "five" important hotfixes, Microsoft suggests. And it appears Redmond isn't just playing catch up with lingering issues but will cast a wide net. This rollout aims to patch Windows components as well as Microsoft Office, SQL Server, Silverlight, Visio and other Microsoft solutions.

Remote code execution (RCE) exploits are once again the predominant theme. Ten bulletins will have RCE implications. Spoofing, elevation-of-privilege and denial-of-service risks will round out the batch of incursion considerations.

Critical Patches
All of the critical patches will aim at addressing RCE vulnerabilities. The first three critical patches will be Windows hotfixes.

Item No. 1 is expected to touch Vista and Windows Server 2008, while the second critical item will affect every OS except for Windows 7. Critical patch No. 3 will cover every OS except Vista, Windows Server 2008 and Windows 7.

For the fourth critical item, Redmond plans to switch gears. It will be a Windows and Internet Explorer combo fix. This bulletin will address IE versions 5.01 through 8 along with Windows OSes.

The fifth critical item will address every currently supported Windows OS. The sixth item will affect Microsoft Office components sitting mainly on XP operating systems, including Outlook, Visio and Visio Viewer.

The last two critical bulletins will deal with Web, server and developer components. Critical patch No. 7 will apply a fix to Microsoft Silverlight developer tools. The last critical item will be a grab-bag of fixes for Microsoft Report Viewer, SQL Server, Microsoft Forefront, Visual Studio.NET and Visual Studio FoxPro programs.

Important Patches
All of the important fixes will be Windows patches, according to Microsoft. The first and third important patches will address RCE exploits. The second important patch will be designed to thwart spoofing attacks. Important items No. 4 and No. 5 will tackle elevation-of-privilege and denial-of-service vulnerabilities, respectively.

What's common about the five important patches is this: besides being Windows patches, they will all touch Windows 7. 

Four of them affect every OS that's currently supported by Microsoft, plus Windows 7. Important patch No. 5 will cover the same turf except for Windows 2000 Service Pack 4.

Microsoft's October security patch release likely will keep IT pros busy with installation and testing tasks. Moreover, every single hotfix could require a restart. For those wanting more, Microsoft released this knowledgebase article describing nonsecurity and system updates that will come via Windows Server Update Services, Windows Update and Microsoft Update.