Microsoft released their advance notification statement today for the fixes that will be included in next week’s Patch Tuesday release, and it looks to be a moderate month for patching. We can expect eight updates, half of them rated critical and the other half rated important. Affected software includes Windows (ranging from Windows XP to Windows 8/RT), IE, Office applications (Word and Excel), and Microsoft SharePoint server, as well as Silverlight and the .NET Framework.
Several of the updates are expected to address vulnerabilities that can allow remote code execution, making it important to get the patches applied as soon as possible (although some IT admins may be understandably wary after the problems that came in the wake of some of the August and September patches).
According to reports, the first of these security bulletins will address the much-publicized Zero Day vulnerability that impacts all versions of Internet Explorer, which was reported in Security Advisory KB2887505 that was issued on September 17, one week after last month’s Patch Tuesday. This vulnerability is one of the remote code execution variety and there were attempts to exploit it reported, mostly in Asia.
Microsoft began the Patch Tuesday program in October 2003, so this month actually marks the ten-year milestone. Other vendors have emulated the monthly patch release program, making the update process a bit more predictable for IT departments, despite the occasional out-of-band emergency update.
Like our posts? Subscribe to our RSS feed or email feed (on the right hand side), and be the first to get them!