Microsoft goes "trick or treating" on Patch Tuesday

The treat is that this month’s eight bulletins will resolve 23 bugs, including two bulletins classified as critical and six tagged as important, noted Paul Henry, security and forensic analyst for Lumension. The trick, according to Henry, is that nearly all of the eight updates will require a restart that could cause widespread disruptions across both internet-connected servers and user community desktops.

The critical bulletins involve remote code execution risk in Internet Explorer, .NET Framework, and Silverlight. Four important bulletins involve remote code execution risks in Windows.

Wolfgang Kandek, chief technology officer with Qualys, stressed that “top priority should be given to the remote code execution patch for all versions of Internet Explorer.” He added that the other priority should be given to the remote code execution patch for .NET Framework and Silverlight.

“The remaining six bulletins are for Windows itself and a number of less pervasive Microsoft technologies, such as Forefront and the Host Integration server. They are all rated as important and not all of them apply to all configurations. IT administrators will have to evaluate to what degree they affect their networks, servers and workstations”, Kandek added.

This October’s Patch Tuesday is a mere ghost of October 2010, when Microsoft shipped 16 bulletins, patching an impressive 49 flaws.

“So far, Microsoft hasn't had to release any out-of-band patches this year. If they can finish the year without an out-of-band patch it will be a significant milestone in Microsoft security. It wasn't that long ago that Microsoft and zero-day bugs seemed synonymous”, commented Andrew Storm, director of security with nCircle.

What’s Hot on Infosecurity Magazine?