Microsoft Previews Record-Setting Patch Tuesday - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Operating Systems

Microsoft Previews Record-Setting Patch Tuesday

Redmond is expected to release 14 bulletins, addressing 34 vulnerabilities across Windows, Office, IE, SQL and Silverlight.

Microsoft will release a record number of patches next week, as part of its monthly Patch Tuesday bug-busting cycle.

All told, Microsoft plans to release 14 security update bulletins -- a record -- fixing 34 vulnerabilities in Windows, Office, Internet Explorer, SQL and Silverlight. In terms of vulnerabilities fixed, that number ties with the Patch Tuesday in June 2010.

Eight of the new bulletins are rated "critical," defined by Microsoft as "a vulnerability whose exploitation could allow the propagation of an Internet worm without user action." Meanwhile, six are "important," meaning that the if exploited, the vulnerability "could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources."

In terms of critical vulnerabilities, the older Windows XP and 2003 operating systems get the most fixes, while Windows 7 and 2008 R2 each see two.

Interestingly, for the vulnerable applications, the "Internet Explorer, Office and Silverlight updates apply across the board on all Windows versions," said Wolfgang Kandek, chief technology officer of Qualys, on his company's blog.

That's becoming a trend, he said, since when it comes to exploiting flaws, increasingly, "attackers and malware go through the installed applications, rather than through the core operating system," presumably to target a greater number of users.

Patch Tuesday, of course, won't be the only security updates released by Microsoft in August. Earlier this week, in the face of increasing numbers of attacks, Microsoft also released an "out of band" patch against the Windows Shell vulnerability, for all currently supported versions of Windows.

As that catch suggests, users of Windows XP SP2 or Windows 2000, beware. "Windows 2000 and XP SP2 users will not be covered and are now in a predicament that will become increasingly urgent," said Kandek. "The best option for XP SP2 users is to upgrade to SP3 as soon as possible. Windows 2000 users need to migrate to a new OS altogether."

The same warning also applies to the security bulletins Microsoft will release next week. "Windows XP SP2 users do not have any patches supplied to them, even though the five critical vulnerabilities for XP SP3 most likely apply to their discontinued version of the OS as well," he said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
IT Spending Forecast: Unfortunately, It's Going to Hurt
Jessica Davis, Senior Editor, Enterprise Apps,  5/15/2020
Helping Developers and Enterprises Answer the Skills Dilemma
Joao-Pierre S. Ruth, Senior Writer,  5/19/2020
Top 10 Programming Languages in Demand Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  4/28/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Flash Poll