Patch Tuesday: Microsoft’s most security bulletins ever!

According to the Microsoft Security Response Center, Microsoft will issue 14 Security Bulletins addressing 34 vulnerabilities on Tuesday. It will also host a webcast to address customer questions the following day.

Eight of the vulnerabilities are rated "Critical" and six are marked "Important." All of the Critical vulnerabilities earned their rating through a Remote Code Execution impact, meaning a hacker could potentially gain control of an infected machine. At least seven of the 14 patches will require (yeah!) a restart.

The list of affected operating systems includes all supported versions of Windows; almost all supported Microsoft Office suites are also vulnerable, including Office 2004 for Mac and Office 2008 for Mac. Those who have upgraded to Microsoft Office 2010 may breathe easy. Silverlight 2 and Silverlight 3 are also on the list, but the latest version, Silverlight 4, is not.

Compared to last month's minor Patch Tuesday, this one is massive. In fact, this is the most bulletins Microsoft has ever released in one month. 

This month's Patch Tuesday does not include a fix for the Windows Shortcut flaw because Microsoft released an out-of-band patch for that one earlier this week.

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

• One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
• One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
• An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

This information is subject to change; Microsoft has been known to rush patches or to pull them as it deems necessary.

Read the comments on this post

Microsoft Patch Tuesday for July 2010: four bulletins

According to the Microsoft Security Response Center, Microsoft will issue four Security Bulletins addressing five vulnerabilities on Tuesday. It will also host a webcast to address customer questions the following day.

Three of the vulnerabilities are rated "Critical" and the last is marked "Important." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least one of the four patches will require a restart.

The list of affected operating systems includes Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008 R2. Microsoft Office XP, Office 2003, and Office 2007 are also covered.

Compared to last month's big Patch Tuesday, this is a small one. The exact breakdown of the bulletins is as follows:

• Bulletin 1: Critical (Remote Code Execution), Windows
• Bulletin 2: Critical (Remote Code Execution), Windows
• Bulletin 3: Critical (Remote Code Execution), Office
• Bulletin 4: Important (Remote Code Execution), Office

If you're wondering, May's Canonical Display Driver vulnerability and June's help vulnerability will both be patched this month.

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

• One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
• One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
• An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

This information is subject to change by Patch Tuesday; Microsoft has been known to rush patches or to pull them as it deems necessary.

Read the comments on this post

Microsoft Patch Tuesday for June 2010: 10 bulletins

According to the Microsoft Security Response Center, Microsoft will issue 10 Security Bulletins addressing 34 vulnerabilities on Tuesday. It will also host a webcast to address customer questions about the bulletins the following day.

Three of the vulnerabilities are rated "Critical" and seven are marked "Important." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least two of the 10 patches will require a restart.

The list of affected operating systems includes Windows 2000, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), and Windows Server 2008 R2. In terms of the Microsoft Office suites, all supported versions are affected on both Windows and Mac OS X.

Compared to last month's quiet Patch Tuesday, this is one is a whopper. The exact breakdown of the bulletins is as follows:

• Bulletin 1: Critical (Remote Code Execution), Windows
• Bulletin 2: Critical (Remote Code Execution), Windows
• Bulletin 3: Critical (Remote Code Execution), Windows, Internet Explorer
• Bulletin 4: Important (Elevation of Privilege), Windows
• Bulletin 5: Important (Remote Code Execution), Office
• Bulletin 6: Important (Elevation of Privilege), Windows
• Bulletin 7: Important (Remote Code Execution), Office
• Bulletin 8: Important (Elevation of Privilege), Office, Microsoft Server Software
• Bulletin 9: Important (Remote Code Execution), Windows
• Bulletin 10: Important (Tampering), Windows

If you're wondering, yes, April's SharePoint vulnerability as well as February's IE flaw will both be patched this month.

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

• One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
• One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
• An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

This information is subject to change by Patch Tuesday; Microsoft has been known to rush patches or to pull them as it deems necessary.

Read the comments on this post

Microsoft Patch Tuesday for May 2010: two bulletins

According to the Microsoft Security Response Center, Microsoft will issue two Security Bulletins addressing two vulnerabilities on Tuesday. It will also host a webcast to address customer questions about the bulletins the following day (May 12 at 11:00 am PST, if you're interested).

Both of the vulnerabilities are rated "Critical," and they earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least one of the two patches will require a restart.

Compared to last month's whopper Patch Tuesday, this is a quiet one. The exact breakdown of the bulletins is as follows:

• Bulletin 1: Critical (Remote Code Execution), Windows
• Bulletin 2: Critical (Remote Code Execution), Office, Microsoft Visual Basic for Applications

If you're wondering, the recently disclosed SharePoint vulnerability is not one of the vulnerabilities being patched.

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

• One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
• One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
• An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

This information is subject to change by Patch Tuesday; Microsoft has been known to rush patches or to pull them as it deems necessary.

Read the comments on this post

Next Page »