Microsoft Plans 9 Patches Next Week - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

12:41 PM

Microsoft Plans 9 Patches Next Week

At least one will be tagged 'critical,' the vendor's highest warning.

Next Tuesday will be a busy day for Windows administrators, Microsoft said Thursday as it promised nine security bulletins in its October patch release. At least one of those will be tagged as "critical," the Redmond, Wash.-based developer's highest warning.

In the monthly advance notification e-mailed to customers, Microsoft said that eight of the nine bulletins will patch holes in Windows, while the ninth fixes a flaw -- rated "important," one step below "critical" in Microsoft's four-step assessment -- in the Exchange e-mail server software.

As usual, Microsoft was close-mouthed about details; the advance notifications are intended only to "help our customers plan for the deployment of these security updates more effectively," according to the boilerplate in the e-mail.

It's likely, however, that at least one of the patches planned for Oct. 11 will be the leftover from last month, when Microsoft unexpectedly canceled a single security bulletin after earlier saying it would release it on Sept. 13.

Also expected is at least one fix for Internet Explorer, if only because it currently sports a number of unpatched vulnerabilities. eEye Digital Security, which tracks the bugs it's submitted to Microsoft, currently lists six IE vulnerabilities awaiting fixes. And by Danish vulnerability tracker Secunia's tally, IE 6.0 is afflicted with a dozen unpatched bugs.

Also unpatched is a long-known bug in the Microsoft Jet Database Engine, a component that provides data access to applications such as Microsoft Access and Microsoft Visual Basic. The flaw, first disclosed in late March, has not been fixed even though exploits using the vulnerability have circulated. Most recently, Symantec noted in an advisory that the bug was being used to hack systems with a Trojan dubbed "Backdoor.Hesive."

Microsoft will also release an undated Windows Malicious Software Removal Tool on Tuesday, the company said in the advance notice.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll