According to the Microsoft Security Response Center, Microsoft will issue 13 Security Bulletins on Tuesday, and it will host a webcast to address customer questions about the bulletins the following day (October 14 at 11:00am PST, if you’re interested). Eight of the vulnerabilities are rated “Critical,” and the other five are marked as “Important.” All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an affected machine. At least six of the 13 patches will require a restart.
The list of affected operating systems includes Windows 2000, Windows XP (x86 and x64), Windows Server 2003 (x86 and x64), Windows Vista (x86 and x64), Windows Server 2008 (x86 and x64), Windows 7 (x86 and x64), and Windows Server 2008 R2 (x86 and x64). This is the first Patch Tuesday where Microsoft is releasing patches for Windows 7 and Windows Server 2008 R2.
The update will include 13 bulletins that between them tackle 34 vulnerabilities.
Microsoft said that eight of the bulletins were rated as critical – the most serious sort of vulnerability.
The security patches will close loopholes in many different programs including different editions of Windows, Internet Explorer and some elements of Office.
One update, rated as critical, tackles a loophole in Internet Explorer 8 running under Windows 7. The next version of Microsoft’s operating system is due to be released on 22 October.
Most people will get the updates automatically but links to download them can also be found on Microsoft’s security pages. Once applied to a PC, the machine will need to be re-started before the fixes take effect.
In a blog posting giving an outline of the updates, Jerry Bryant, a Microsoft security expert, said two of the fixes were for problems flagged up in earlier advisories.
One of those loopholes, for the File Transfer Protocol (FTP) bundled in with Microsoft’s Internet Information Server, is already being exploited by some hi-tech criminals.
Windows is by far the most popular target for cyber criminals and the vast majority of the millions of malicious programs, including worms and trojans, are aimed at the operating system.
Prior to the bumper October security update, Microsoft’s biggest ever update was released in June 2009. That package of 10 fixes tackled 31 vulnerabilities.
The exact breakdown of the bulletins is as follows:
* Bulletin 1: Critical (Remote Code Execution), Windows
* Bulletin 2: Critical (Remote Code Execution), Windows
* Bulletin 3: Critical (Remote Code Execution), Windows
* Bulletin 4: Critical (Remote Code Execution), Windows
* Bulletin 5: Critical (Remote Code Execution), Windows, Internet Explorer
* Bulletin 6: Critical (Remote Code Execution), Windows
* Bulletin 7: Important (Spoofing), Windows
* Bulletin 8: Important (Remote Code Execution), Windows
* Bulletin 9: Important (Elevation of Privilege), Windows
* Bulletin 10: Important (Denial of Service), Windows
* Bulletin 11: Critical (Remote Code Execution), Office
* Bulletin 12: Critical (Remote Code Execution), Windows, Silverlight
* Bulletin 13: Critical (Remote Code Execution), Windows, Office, SQL Server, Developer Tools, Forefront
Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:
* One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
* One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
* An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center
This information is subject to change by Patch Tuesday; Microsoft has been known to rush patches as well as pull them if it deems it necessary.

Microsoft issued its biggest software patch on record on Tuesday to fix a range of security issues in its programs, including the yet to be released Windows 7 operating system.
In a monthly update sent to users of its software, Microsoft released 13 security bulletins, or patches, to address 34 vulnerabilities it identified across its Windows, Internet Explorer, Silverlight, Office and other products.
It said six of the patches were high priority and should be deployed immediately. The patches – which update software to write over glitches – are designed to protect users from hackers or malicious software downloaded from the Internet.
Several of the patches affect Windows 7, the software maker’s new operating system, which will be officially unveiled next week, but has been widely used in test versions.
Such an early sign of security issues on Windows 7 is potentially worrisome for Microsoft, which is hoping its new operating system will erase bad feelings among many customers who bought the predecessor, Vista.
A Microsoft spokesperson could not immediately say whether the company had identified further security problems with Windows 7. The company generally does not disclose such problems until it has patches available.
The vulnerabilities in Windows 7, including the risk of having a PC taken over by a hacker, were serious flaws, but to be expected, according to Dave Marcus, senior researcher at software security firm McAfee Inc.
“As long as human beings are writing code there are always going to be vulnerabilities,” he said.
Tuesday’s update included the largest number of patches to be issued on a single day by Microsoft.
Corporate users will need to test the patches before they deploy them to make sure they do not cause machines to crash because of compatibility issues with existing software.