MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

Summary: Two of the eight bulletins -- affecting IE, Windows, .NET Framework and Silverlight -- will be rated "critical," Microsoft's highest severity rating.

Microsoft's monthly pilgrimage to the security patch altar will resume next Tuesday with fixes for gaping security holes in software products used by tens of millions of computer users.

In all, the Redmond, Wash. software maker will ship 8 security bulletins to address at least 23 documented vulnerabilities affecting the Internet Explorer browser, the Microsoft Windows operating system, .NET Framework and Silverlight, Microsoft Forefront UAG, and Microsoft Host Integration Server.

Two of the eight bulletins -- affecting IE, Windows, .NET Framework and Silverlight -- will be rated "critical," Microsoft's highest severity rating. Microsoft typically slaps a "critical" rating on vulnerabilities that can be exploited remotely to launch code execution attacks without any user action.

The other six bulletins will be rated "important," according to an advance notice from Microsoft.

Some of these patches will require a restart after the affected machine is updated.

Talkback

  • PITA

    Patch remediation on an enterprise level is almost a full time job. If it's not Microsoft's steady stream of fixes, it's Adobe.
    rag@...
    • Steady stream? Once a month isn't my idea of steady stream.

      @rag@...
      ye
      • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

        @ye

        In an enterprise, these patches must be tested against all in-house software to be certain that they do not interfere with business functions. This is an enterprise with thousands of desktop clients that must be updated. And with MS, Adobe, and other software packages constantly updating as well as updates to in-house programs. I agree with rag.
        benched42
      • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

        @benched42

        No, they really do not need to be 'tested against all in-house software to be certain that they do not interfere' unless that in-house software is POORLY WRITTEN!

        Seriously, a few MINOR (that is what most of these 'critical updates' actually amount to) changes in a file shouldn't cause these massive problems and issues.
        Lerianis10
      • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

        @Lerianis10

        Really? So in your enterprise you roll out these updates without testing and just assume they work? You'd last one update cycle in our enterprise.

        And yes, we do have some poorly written code. But it's more expensive to rewrite our code than to test the patches and not allow them, as it's code that runs our business.

        While I agree with you that "a few MINOR (that is what most of these 'critical updates' actually amount to) changes in a file shouldn't cause these massive problems and issues", the key word in your phrase is "shouldn't". Are you willing to risk your job on all users being unable to use something that is affected by an untested patch rollout? I'm not.
        benched42
  • Buy swiss cheese instead of Windows

    Swiss cheese has less holes than Windows. Most users are nowadays getting frustrated when Windows based computers have to be restarted for patches this quite often. I have seen some departmental servers moved to Linux for this reason.
    GoForTheBest
    • Provide supporting evidence.

      @iRMX: "Swiss cheese has less holes than Windows."

      If memory serves correctly Windows has had less vulnerabilities than other general purpose operating systems. Come join us in the 21st century. You might like it here.
      ye
    • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

      @iRMX
      Just have to open your mouth and prove to all of us that you don't have a clue. There must be something constructive you could do. On the other hand, maybe not?? In that case, could you just please shut up??? Or, you could explain why updating/patching Windows OS to protect users is a bad thing?? I'm listening!!
      eargasm
      • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

        @windozefreak

        Why do servers have to be rebooted when applying patches? Can you answer that? (Using your words... I'm listening!!) The only time Linux servers need reboots is when there is a kernel update. (about once every year or so, if memory serves?) Rebooting servers mean downtime, managed reboots. In our enterprise, with worldwide clients connected to our servers a reboot downtime is bad.
        benched42
      • Many times they don't have to be.

        @benched42: "Why do servers have to be rebooted when applying patches?"

        Sometimes I think it's just "because".
        ye
      • FreeBSD?

        @benched42 wrote:
        "The only time Linux servers need reboots is when there is a kernel update. (about once every year or so, if memory serves?)"

        Have run Debian stable (squeeze) since its release in early February this year and have applied five (5) updates to the Linux kernel. Am also running a Debian kfreebsd system (that's with the FreeBSD kernel) and it has had only one (1) kernel update thus far.
        Rabid Howler Monkey
      • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

        @benched42

        BULLPLOP about the Linux thing. I know people who run Linux servers and with EVERY SINGLE UPDATE, it is recommended that they do what? A REBOOT!

        So, let's stop with the lies here.

        Servers reboot very fast in this day and age, there is no reason for more than say.... 15 minutes of downtime (if you have the proper extra capacity to account for downed servers) at most.
        Lerianis10
    • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

      @iRMX
      Yes because Linux NEVER sends out patches, except, you know, practically every single day. Except for those.
      Doctor Demento
    • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

      @iRMX The US drone fleet has a keylogger on it. And it isn't running Windows.......

      http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/
      Admin71
      • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

        @Bookmark71

        And you know it isn't running Windows how, exactly? If you read through the article and follow links, the agent.btz worm listed only infects Windows computers. There is no mention of the OS that has allowed the keylogger to spread. And several of the screens shown seem to have a blue bar at the bottom with a green part at the far left corner of the bottom blue bar - very similar to Windows XP Blue scheme.
        benched42
  • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

    If they are so critical, why do we have to wait till Tuesday?
    Should everyone not turn on their Windoze box till then?
    linuxfanboy
  • No need to turn off your Windows box

    You would only need to exercise extra care if there were attacks actually taking place. There probably aren't.
    JazzGuyy
    • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

      @JazzGuyy

      So just how do you "exercise extra care" with an unpatched zero day exploit? And if they weren't "taking place" as you put it, why would Microsoft even bother with the patches?
      benched42
      • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

        @benched42
        So, you are saying that PREVENTION of exploits is not a legitimate reason to send out a patch? That Microsoft should wait to patch a vulnerability until AFTER it has been exploited? No, wait, that would be....really, really dumb.
        Doctor Demento
      • RE: MS Patch Tuesday heads-up: Expect 'critical' IE, Windows bulletins

        @Doctor Demento

        I'm not saying that at all. What I asked is how does one "exercise extra care" when browsing? Most of the zero day exploits are run from legitimate web servers that have been hacked. How do you know what sites have or have not been compromised? You don't. You rely on the patches to close those exploit vectors. However, if a zero day exploit is published and Microsoft waits until Patch Tuesday (which happens more often than anyone would like to admit), how do we "exercise extra care" when our favorite site may be compromised?

        And in answer to your question "That Microsoft should wait to patch a vulnerability until AFTER it has been exploited?" do you really think that Microsoft detects these exploit vectors on their own and issues the patches by themselves? REALLY?
        benched42