News

Patch Tuesday To Address Multiple Microsoft Bugs

IT pros can expect a mammoth patch release for the month of October on Tuesday if Microsoft's advance notification is any indication.

In this month's upcoming security patch slate, there will be eight "critical" items and "five" important hotfixes, Microsoft suggests. And it appears Redmond isn't just playing catch up with lingering issues but will cast a wide net. This rollout aims to patch Windows components as well as Microsoft Office, SQL Server, Silverlight, Visio and other Microsoft solutions.

Remote code execution (RCE) exploits are once again the predominant theme. Ten bulletins will have RCE implications. Spoofing, elevation-of-privilege and denial-of-service risks will round out the batch of incursion considerations.

Critical Patches
All of the critical patches will aim at addressing RCE vulnerabilities. The first three critical patches will be Windows hotfixes.

Item No. 1 is expected to touch Vista and Windows Server 2008, while the second critical item will affect every OS except for Windows 7. Critical patch No. 3 will cover every OS except Vista, Windows Server 2008 and Windows 7.

For the fourth critical item, Redmond plans to switch gears. It will be a Windows and Internet Explorer combo fix. This bulletin will address IE versions 5.01 through 8 along with Windows OSes.

The fifth critical item will address every currently supported Windows OS. The sixth item will affect Microsoft Office components sitting mainly on XP operating systems, including Outlook, Visio and Visio Viewer.

The last two critical bulletins will deal with Web, server and developer components. Critical patch No. 7 will apply a fix to Microsoft Silverlight developer tools. The last critical item will be a grab-bag of fixes for Microsoft Report Viewer, SQL Server, Microsoft Forefront, Visual Studio.NET and Visual Studio FoxPro programs.

Important Patches
All of the important fixes will be Windows patches, according to Microsoft. The first and third important patches will address RCE exploits. The second important patch will be designed to thwart spoofing attacks. Important items No. 4 and No. 5 will tackle elevation-of-privilege and denial-of-service vulnerabilities, respectively.

What's common about the five important patches is this: besides being Windows patches, they will all touch Windows 7. 

Four of them affect every OS that's currently supported by Microsoft, plus Windows 7. Important patch No. 5 will cover the same turf except for Windows 2000 Service Pack 4.

Microsoft's October security patch release likely will keep IT pros busy with installation and testing tasks. Moreover, every single hotfix could require a restart. For those wanting more, Microsoft released this knowledgebase article describing nonsecurity and system updates that will come via Windows Server Update Services, Windows Update and Microsoft Update.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • introimage

    Microsoft Reverses Even More on Windows Recall

    Recall, a new Windows 11 feature designed to "retrace users' steps," won't be seeing the light of day anytime soon.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Microsoft To Wind Down Copilot Pro's 'GPT Builder' Feature

    Subscribers of Microsoft's Copilot Pro solution will lose access to a key perk starting next month.

  • Windows Server 2025 GPU Improvements Promise Major AI Support

    Currently in public preview, Windows Server 2025 is shaping up to be a major beneficiary of Microsoft's wide-ranging collaboration with chip giant Nvidia.