Microsoft Puts Out First Monthly Security Bulletin

Microsoft on Wednesday issued the first of its new monthly security bulletins. The first installment is a blockbuster, fixing seven vulnerabilities, five of them critical. Five vulnerabilities involve Windows and two vulnerabilities affect Exchange.

The big group of patches comes less than a week after CEO Steve Ballmer unveiled the new monthly patching program. Previously, Microsoft released security bulletins on Wednesdays, although the software giant often skipped weeks if it had no patches to deliver or released patches on other days of the week if they were urgent enough. Microsoft still reserves the option to release a patch for an especially severe problem at any time.

Official reasons for the new process include a predictable schedule, which helps customers build Microsoft system patching into their regular IT duties, and more time between patches, which gives customers long enough to evaluate, test and install them.

"A major benefit of switching to a monthly release cycle for security patches is that it allows customers to install multiple patches with a single install and single reboot," Microsoft added in a white paper on the new process.

Microsoft seems to be betting that making the process more regular and encouraging users to plan on it every month will give legitimate users an edge against hackers. In many cases, the posting of a Microsoft security bulletin has served as the starting line for a race in which IT departments struggle to get their systems patched as hackers hurry to reverse engineer the vulnerability to create exploits that can be dropped into automated attack tools.

After the initial monthly patch on Wednesday, Microsoft plans to hold future regular patching days on the second Tuesday of every month.

Seven New Vulnerabilities

On the first official release date of Microsoft's new patching process, Microsoft put out seven security bulletins. Microsoft has apparently been saving them up for some time. The software giant last published a security bulletin on its regular Wednesday schedule five weeks ago on Sept. 10. Microsoft did put out a special, urgent cumulative bulletin for Internet Explorer a week and a half ago on Oct. 3, however.

Among the seven bulletins released Wednesday, five dealt with problems in Windows. Four of those were critical problems that could result in an attacker remotely taking control of a user's machine or a server. Another Windows problem that could also allow remote code execution was rated important.

An executive summary of the Windows flaws with links to the individual Windows bulletins and patches was available here.

Microsoft also disclosed two newly discovered flaws in Exchange servers -- one critical, one moderate. Both flaws could result in an attacker gaining control of the server. The summary with links to those security bulletins was available here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
