Microsoft to issue nine security updates to Windows, Office

Microsoft has released their advance notification for the October 2014 Patch Tuesday updates. There will be a total of nine updates issued next Tuesday, October 14, three of them rated critical.

The three critical updates address problems in Internet Explorer and all versions of Windows. The first update, for Internet Explorer and Windows, is rated Critical on Windows client systems and Moderate on servers. The problems are likely mitigated by the Enhanced Security Configuration in Windows Server. The other two critical updates, affecting Windows and the .NET Framework, are critical on all Windows platforms, with a couple exceptions for Server Core.

Four other updates affect Windows. One is rated Moderate and the others Important. The Moderate bug also is listed as affecting Microsoft Office 2007 IME (Japanese).

Another update to Office affects Office 2007 and 2010 on Windows, Office for Mac 2011 and the Office Compatibility Pack SP3, is rated Important on all.

The final bug is a security bypass vulnerability, rated Important, in ASP.NET MVC versions 2.0, 3.0, 4.0, 5.0 and 5.1.

Microsoft will also release a new version of the Windows Malicious Software Removal Tool and probably some as-yet undisclosed number of non-security updates to various Windows versions. It has also become popular for other companies, most prominently Adobe, to release security updates for their own products on that day.