informa
/
2 MIN READ
News

Microsoft Previews Record-Setting Patch Tuesday

Redmond is expected to release 14 bulletins, addressing 34 vulnerabilities across Windows, Office, IE, SQL and Silverlight.
Microsoft will release a record number of patches next week, as part of its monthly Patch Tuesday bug-busting cycle.

All told, Microsoft plans to release 14 security update bulletins -- a record -- fixing 34 vulnerabilities in Windows, Office, Internet Explorer, SQL and Silverlight. In terms of vulnerabilities fixed, that number ties with the Patch Tuesday in June 2010.

Eight of the new bulletins are rated "critical," defined by Microsoft as "a vulnerability whose exploitation could allow the propagation of an Internet worm without user action." Meanwhile, six are "important," meaning that the if exploited, the vulnerability "could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources."

In terms of critical vulnerabilities, the older Windows XP and 2003 operating systems get the most fixes, while Windows 7 and 2008 R2 each see two.

Interestingly, for the vulnerable applications, the "Internet Explorer, Office and Silverlight updates apply across the board on all Windows versions," said Wolfgang Kandek, chief technology officer of Qualys, on his company's blog.

That's becoming a trend, he said, since when it comes to exploiting flaws, increasingly, "attackers and malware go through the installed applications, rather than through the core operating system," presumably to target a greater number of users.

Patch Tuesday, of course, won't be the only security updates released by Microsoft in August. Earlier this week, in the face of increasing numbers of attacks, Microsoft also released an "out of band" patch against the Windows Shell vulnerability, for all currently supported versions of Windows.

As that catch suggests, users of Windows XP SP2 or Windows 2000, beware. "Windows 2000 and XP SP2 users will not be covered and are now in a predicament that will become increasingly urgent," said Kandek. "The best option for XP SP2 users is to upgrade to SP3 as soon as possible. Windows 2000 users need to migrate to a new OS altogether."

The same warning also applies to the security bulletins Microsoft will release next week. "Windows XP SP2 users do not have any patches supplied to them, even though the five critical vulnerabilities for XP SP3 most likely apply to their discontinued version of the OS as well," he said.