ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

By | October 7, 2011, 4:31am PDT

Summary: Two of the eight bulletins –affecting IE, Windows and .Net Framework and Silverlight — will be rated “critical,” Microsoft’s highest severity rating.

Microsoft’s monthly pilgrimage to the security patch altar will resume next Tuesday with fixes for gaping security holes in software products used by tens of millions of computer users.

In all, the Redmond, Wash. software maker will ship 8 security bulletins to address at least 23 documented vulnerabilities affecting the Internet Explorer browser, the Microsoft Windows operating system, .NET Framework and Silverlight, Microsoft Forefront UAG, and Microsoft Host Integration Server.

Two of the eight bulletins –affecting IE, Windows and .Net Framework and Silverlight — will be rated “critical,” Microsoft’s highest severity rating.  Microsoft typically slaps a “critical” rating on vulnerabilities that can be exploited remotely to launch code execution attacks without any user action.

The other six bulletins will be rated “important,” according to an advance notice from Microsoft.

Some of these patches will require a restart after the affected machine is updated.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Microsoft Internet Explorer, Microsoft Corp., Web Browsers, Patches, Internet, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
35
Comments
Add Your Opinion

Join the conversation!

Just In

ddfs
jywhy888 7th Mar
Wholesale Bedding Baby Products Suppliers http://www.chinawholesaletown.com/wholesale-Cooler/ Cooler
Wholesale Socks China Wholesale http://www.chinawholesaletown.com/wholesale-Tag---lable/ Entertainment Supplies
Personal Safety Products Wholesale Playing Card http://www.chinawholesaletown.com/ Glove
Wholesale Compressed Products Crystal Gifts http://www.chinawholesaletown.com/wholesale-Playing-Card/ Racks
Medicine Instrument Wholesale Jewelry http://www.chinawholesaletown.com/wholesale-Eye-Masks/ Playing Card
Water Bottle Medicine Instrument http://www.chinawholesaletown.com/wholesale-Calendar/ Stapler
Coca Cola Gifts Wholesale Belt http://www.chinawholesaletown.com/wholesale-Coca-Cola-Gifts/ Mouse
Wholesale Memory Card Wholesale Knife http://www.chinawholesaletown.com/wholesale-Mouse/ Massager
China Wholesale Wholesale Clothing http://www.chinawholesaletown.com/wholesale-Electroluminescent/ Advertising Material
Home Appliances Wholesale Vase http://www.chinawholesaletown.com/wholesale-USB-Flash-Drive/ Glasses
Promotional Gifts Wholesale Waterproof Case http://www.chinawholesaletown.com/wholesale-Bottle-Opener/ Garden Decorations
Wholesale USB Flash Drive Wholesale Bookmark http://www.chinawholesaletown.com/wholesale-Banner---Flag/ Money Clip
Wholesale Mirror Bottle Opener http://www.chinawholesaletown.com/wholesale-Baby-Suppliers/ Promotional Items
Wholesale Bag Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Wallet/ Vuvuzela
Name Card Holder Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Knife/ Lanyard
Wholesale Carabiner Wholesale Pedometer http://www.chinawholesaletown.com/wholesale-T-Shirts/ Coca Cola Gifts
Wholesale Golf Products Flash Gift http://www.chinawholesaletown.com/wholesale-Writing-Instrument/ Arts Crafts
Patient Care Products Hair Products http://www.chinawholesaletown.com/wholesale-Stationery/ Keychain
Wholesale Tellurion Mouse Pad http://www.chinawholesaletown.com/wholesale-Scissors/ Thermometer
World Cup Products Water Bottle http://www.chinawholesaletown.com/wholesale-Beauty-Equipment/ Voice Recorder
Wholesale Radio Giveaway Material http://www.chinawholesaletown.com/wholesale-Sticker/ Money Bank
Wholesale Jewelry Wholesale Tableware http://www.chinawholesaletown.com/wholesale-Pom-Poms/ Knife
Wholesale Waterproof Case Wholesale Cup http://www.chinawholesaletown.com/wholesale-Electrical-Gifts/ Bracelet
CD Holde Wholesale USB Flash Drive http://www.chinawholesaletown.com/wholesale-Cap/ Writing Instrument
Wholesale Shoe Wholesale lable http://www.chinawholesaletown.com/wholesale-Computer-Keyboard/ China Wholesale
Wholesale Swimming Products Wholesale TelePhone http://www.chinawholesaletown.com/wholesale-USB-Products/ Sticker
Wholesale Stationery Inflatable Products http://www.chinawholesaletown.com/wholesale-Name-Card-Holder/ Raincoat
Wholesale T-Shirts Name Card Holder http://www.chinawholesaletown.com/wholesale-Money-Clip/ Electrical Gifts
Wholesale Pedometer Wholesale Bangle http://www.chinawholesaletown.com/wholesale-Gift-Box---Display/ Consumer Electronics
Cleaner Products Wedding Favors http://www.chinawholesaletown.com/wholesale-Wedding-Favors/ Bedding
Lighting Products Wholesale Tellurion http://www.chinawholesaletown.com/wholesale-Socks/ Giveaway Material
Wholesale Earphone Wholesale Flashlight http://www.chinawholesaletown.com/wholesale-Computer-Accessories/ Hair Products
Entertainment Supplies Wholesale Compass http://www.chinawholesaletown.com/wholesale-Consumer-Electronics/ Scissors
Wholesale Scarf Wholesale Raincoat http://www.chinawholesaletown.com/wholesale-Watch/ Computer Accessories
Hair Products Automotive Products http://www.chinawholesaletown.com/wholesale-Glove/ Wallet
Wholesale Raincoat Wholesale Glass http://www.chinawholesaletown.com/wholesale-Mobile-Phone/ Waterproof Case
Wholesale Pen Money Bank http://www.chinawholesaletown.com/wholesale-Album/ Christmas Gifts
View in thread
0 Votes
+ -
PITA
rag@... 7th Oct
Patch remediation on an enterprise level is almost a full time job. If it's not Microsoft's steady stream of fixes, it's Adobe.
0 Votes
+ -
Steady stream? Once a month isn't my idea of steady stream.
ye 7th Oct
@rag@...
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
benched42 7th Oct
@ye

In an enterprise, these patches must be tested against all in-house software to be certain that they do not interfere with business functions. This is an enterprise with thousands of desktop clients that must be updated. And with MS, Adobe, and other software packages constantly updating as well as updates to in-house programs. I agree with rag.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
Lerianis10 8th Oct
@benched42

No, they really do not need to be 'tested against all in-house software to be certain that they do not interfere' unless that in-house software is POORLY WRITTEN!

Seriously, a few MINOR (that is what most of these 'critical updates' actually amount to) changes in a file shouldn't cause these massive problems and issues.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
benched42 10th Oct
@Lerianis10

Really? So in your enterprise you roll out these updates without testing and just assume they work? You'd last one update cycle in our enterprise.

And yes, we do have some poorly written code. But it's more expensive to rewrite our code than to test the patches and not allow them, as it's code that runs our business.

While I agree with you that "a few MINOR (that is what most of these 'critical updates' actually amount to) changes in a file shouldn't cause these massive problems and issues", the key word in your phrase is "shouldn't". Are you willing to risk your job on all users being unable to use something that is affected by an untested patch rollout? I'm not.
0 Votes
+ -
ddfs
jywhy888 7th Mar
Wholesale Bedding Baby Products Suppliers http://www.chinawholesaletown.com/wholesale-Cooler/ Cooler
Wholesale Socks China Wholesale http://www.chinawholesaletown.com/wholesale-Tag---lable/ Entertainment Supplies
Personal Safety Products Wholesale Playing Card http://www.chinawholesaletown.com/ Glove
Wholesale Compressed Products Crystal Gifts http://www.chinawholesaletown.com/wholesale-Playing-Card/ Racks
Medicine Instrument Wholesale Jewelry http://www.chinawholesaletown.com/wholesale-Eye-Masks/ Playing Card
Water Bottle Medicine Instrument http://www.chinawholesaletown.com/wholesale-Calendar/ Stapler
Coca Cola Gifts Wholesale Belt http://www.chinawholesaletown.com/wholesale-Coca-Cola-Gifts/ Mouse
Wholesale Memory Card Wholesale Knife http://www.chinawholesaletown.com/wholesale-Mouse/ Massager
China Wholesale Wholesale Clothing http://www.chinawholesaletown.com/wholesale-Electroluminescent/ Advertising Material
Home Appliances Wholesale Vase http://www.chinawholesaletown.com/wholesale-USB-Flash-Drive/ Glasses
Promotional Gifts Wholesale Waterproof Case http://www.chinawholesaletown.com/wholesale-Bottle-Opener/ Garden Decorations
Wholesale USB Flash Drive Wholesale Bookmark http://www.chinawholesaletown.com/wholesale-Banner---Flag/ Money Clip
Wholesale Mirror Bottle Opener http://www.chinawholesaletown.com/wholesale-Baby-Suppliers/ Promotional Items
Wholesale Bag Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Wallet/ Vuvuzela
Name Card Holder Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Knife/ Lanyard
Wholesale Carabiner Wholesale Pedometer http://www.chinawholesaletown.com/wholesale-T-Shirts/ Coca Cola Gifts
Wholesale Golf Products Flash Gift http://www.chinawholesaletown.com/wholesale-Writing-Instrument/ Arts Crafts
Patient Care Products Hair Products http://www.chinawholesaletown.com/wholesale-Stationery/ Keychain
Wholesale Tellurion Mouse Pad http://www.chinawholesaletown.com/wholesale-Scissors/ Thermometer
World Cup Products Water Bottle http://www.chinawholesaletown.com/wholesale-Beauty-Equipment/ Voice Recorder
Wholesale Radio Giveaway Material http://www.chinawholesaletown.com/wholesale-Sticker/ Money Bank
Wholesale Jewelry Wholesale Tableware http://www.chinawholesaletown.com/wholesale-Pom-Poms/ Knife
Wholesale Waterproof Case Wholesale Cup http://www.chinawholesaletown.com/wholesale-Electrical-Gifts/ Bracelet
CD Holde Wholesale USB Flash Drive http://www.chinawholesaletown.com/wholesale-Cap/ Writing Instrument
Wholesale Shoe Wholesale lable http://www.chinawholesaletown.com/wholesale-Computer-Keyboard/ China Wholesale
Wholesale Swimming Products Wholesale TelePhone http://www.chinawholesaletown.com/wholesale-USB-Products/ Sticker
Wholesale Stationery Inflatable Products http://www.chinawholesaletown.com/wholesale-Name-Card-Holder/ Raincoat
Wholesale T-Shirts Name Card Holder http://www.chinawholesaletown.com/wholesale-Money-Clip/ Electrical Gifts
Wholesale Pedometer Wholesale Bangle http://www.chinawholesaletown.com/wholesale-Gift-Box---Display/ Consumer Electronics
Cleaner Products Wedding Favors http://www.chinawholesaletown.com/wholesale-Wedding-Favors/ Bedding
Lighting Products Wholesale Tellurion http://www.chinawholesaletown.com/wholesale-Socks/ Giveaway Material
Wholesale Earphone Wholesale Flashlight http://www.chinawholesaletown.com/wholesale-Computer-Accessories/ Hair Products
Entertainment Supplies Wholesale Compass http://www.chinawholesaletown.com/wholesale-Consumer-Electronics/ Scissors
Wholesale Scarf Wholesale Raincoat http://www.chinawholesaletown.com/wholesale-Watch/ Computer Accessories
Hair Products Automotive Products http://www.chinawholesaletown.com/wholesale-Glove/ Wallet
Wholesale Raincoat Wholesale Glass http://www.chinawholesaletown.com/wholesale-Mobile-Phone/ Waterproof Case
Wholesale Pen Money Bank http://www.chinawholesaletown.com/wholesale-Album/ Christmas Gifts
0 Votes
+ -
Buy swiss cheese instead of Windows
iRMX 7th Oct
Swiss cheese has less holes than Windows. Most users are nowadays getting frustrated when Windows based computers have to be restarted for patches this quite often. I have seen some departmental servers moved to Linux for this reason
0 Votes
+ -
Provide supporting evidence.
ye 7th Oct
@iRMX: Swiss cheese has less holes than Windows.

If memory serves correctly Windows had had less vulnerabilities than other general purpose operating systems. Come join us in the 21 century. You might like it here.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
windozefreak 7th Oct
@iRMX
Just have to open your mouth and prove to all of us that you don't have a clue. There must be something constructive you could do. On the other hand, maybe not?? In that case, could could you just please shut up??? Or, you could explain why updating/patching Windows OS to protect users is a bad thing?? I'm listening!!
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
benched42 7th Oct
@windozefreak

Why do servers have to be rebooted when applying patches? Can you answer that? (Using your words... I'm listening!!) The only time Linux servers need reboots is when there is a kernel update. (about once every year or so, if memory serves?) Rebooting servers mean downtime, managed reboots. In our enterprise, with worldwide clients connected to our servers a reboot downtime is bad.
0 Votes
+ -
Many times they don't have to be.
ye 7th Oct
@benched42 : Why do servers have to be rebooted when applying patches?

Sometimes I think it's just "because".
0 Votes
+ -
FreeBSD?
Rabid Howler Monkey 7th Oct
@benched42 wrote:
"The only time Linux servers need reboots is when there is a kernel update. (about once every year or so, if memory serves?)

Have run Debian stable (squeeze) since it's release in early February this year and have applied five (5) updates to the Linux kernel. Am also running a Debian kfreebsd system (that's with the FreeBSD kernel) and it has had only one (1) kernel update thus far.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
Lerianis10 8th Oct
@benched42

BULLPLOP about the Linux thing. I know people who run Linux servers and with EVERY SINGLE UPDATE, it is recommended that they do what? A REBOOT!

So, let's stop with the lies here.

Servers reboot very fast in this day and age, there is no reason for more than say.... 15 minutes of downtime (if you have the proper extra capacity to account for downed servers) at most.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
Doctor Demento 7th Oct
@iRMX
Yes because Linux NEVER sends out patches, expect, you know, practically every single day. Except for those.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
Bookmark71 7th Oct
@iRMX The US drone fleet has a keylogger on it. And it isn't running Windows.......

http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
benched42 7th Oct
@Bookmark71

And you know it isn't running Windows how, exactly? If you read through the article and follow links, the agent.btz worm listed only infects Windows computers. There is no mention of the OS that has allowed the keylogger to spread. And several of the screens shown seem to have a blue bar at the bottom with a green part at the far left corner of the bottom blue bar - very similar to Windows XP Blue scheme.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
linuxfanboy 7th Oct
If they are so critical, why do we have to wait till Tuesday ?
Should everyone not turn on their Windoze box till then?
0 Votes
+ -
No need to turn off your Windows box
JazzGuyy 7th Oct
You would only need to exercise extra care if there were attacks actually taking place. There probably aren't.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
benched42 7th Oct
@JazzGuyy

So just how do you "exercise extra care" with an unpatched zero day exploit? And if they weren't "taking place" as you put it, why would Microsoft even bother with the patches?
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
Doctor Demento 7th Oct
@benched42
So, you are saying that PREVENTION of exploits is not a legitimate reason to send out a patch? That Microsoft should wait to patch a vulnerability until AFTER it has been exploited? No, wait, that would be....really, really dumb.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
benched42 7th Oct
@Doctor Demento

I'm not saying that at all. What I asked is how does one "exercise extra care" when browsing? Most of the zero day exploits are run from legitimate web servers that have been hacked. How do you know what sites have or have not been compromised? You don't. You rely on the patches to close those exploit vectors. However, if a zero day exploit is published and Microsoft waits until Patch Tuesday (which happens more often than anyone would like to admit), how do we "exercise extra care" when our favorite site may be compromised?

And in answer to your question "That Microsoft should wait to patch a vulnerability until AFTER it has been exploited?" do you really think that Microsoft detects these exploit vectors on their own and issues the patches by themselves? REALLY?
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
windozefreak 8th Oct
@benched42
Because Microsoft wants to take care of their users! Answer to your other question: That's the way Microsoft designed their system. Don't like it, don't use windows! How did I do??
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
benched42 10th Oct
@windozefreak

You didn't answer the question, either. Again, the question I asked was "How do you "exercise extra care" when browsing with an unpatched zero day exploit?" Can you "exercise extra care" when browsing? Really? How?
0 Votes
+ -
Oh good...
WarhavenSC 7th Oct
I have a few more days to exploit. I was worried Microsoft might patch a critical security whole right away.
0 Votes
+ -
If there was an active exploit
JazzGuyy 7th Oct
@WarhavenSC

MS has supplied patches out-of-cycle in the past when there were active exploits. The monthly patches usually address potential exploits rather than active ones. Most active exploits seem to be created post-patches when the bad guys can use the patches to reverse-engineer attacks on those who haven't applied the patches.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
Doctor Demento 7th Oct
Yes everyone knows that Microsoft is the only company that ever sends out patches for their software....Apple, Linux, all them guys, they never do that ever.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
benched42 7th Oct
@Doctor Demento

Microsoft is the only company that has an official scheduled date for those patches. The other guys publish a patch when it's ready to go out the door. There's less time delay for the other guys.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
Michael Alan Goff 8th Oct
@benched42

Have you used a Mac? Their updates are not speedy, not in the slightest. The only ones who really have a speedy update cycle are the Linux distros. And sometimes, their updates break other programs that rely on a dependency that hasn't been updated to work with whatever the other person updated.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
flboffin 7th Oct
Home users will never see the "Critical" rating for any of these updates. "Important" is the highest rating any update is given for home users (as opposed to businesses and large networks). Why does MS rate some of these updates as "Critical" and then hide that fact from home users?
0 Votes
+ -
Man are you stupid.
ye 7th Oct
@flboffin: Home users will never see the "Critical" rating for any of these updates. "Important" is the highest rating any update is given for home users (as opposed to businesses and large networks). Why does MS rate some of these updates as "Critical" and then hide that fact from home users?

Did you really just say this? Seriously?
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
xnederlandx 8th Oct
@flboffin
All updates (regardless of severity rating) which the user should install on their computer are shown as important (this is includes all security updates, along with some functionality improvements/updates). The rating does not change depending on who you are.
The "optional" updates section will (should not) contain any security updates, but only minor things, like driver updates and so forth.

If the user is really interested, they can follow the link alongside each update for more information, or just look at their monthly patch-Tuesday bulletin.
The ratings provided for these security updates (as I understand it) is so that IT admins can prioritize the roll out of these patches on their network / do their jobs more effectively.
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
flboffin Updated - 9th Oct
@xnederlandx So it's just ZDNet that calls these updates "critical"? Microsoft never uses that term? Then why differentiate between "critical" and "important" updates? There is something weird going on here. I just finished looking through my entire update history, and there are lots of "important" updates, but none rated "critical." Who is making up this "critical" term and why?
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
linmmcc 9th Oct
http://mcaf.ee/y5b3c
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
linmmcc 9th Oct
http://mcaf.ee/y5b3c
0 Votes
+ -
RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins
kksdiei 10th Oct
http://mcaf.ee/obqie

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix