Another bumper Patch Tuesday on the way

**Glaswegian** · 06-05-2009, 01:30 PM

Microsoft is set for a bumper Patch Tuesday next week with 10 security updates planned. The company is looking to fix serious bugs in Windows, Internet Explorer (IE), Word and Excel.

If the company follows through on its plans - sometimes Microsoft ditches an update at the last minute - next week's Patch Tuesday will be the largest since October 2008.

"We're back to a normal load," said Andrew Storms, director of security operations at nCircle Network Security. "Some may think of it as pretty big, but really, for anyone who's dealt with Patch Tuesday for the last five years, it's what we should be expecting."

Last month, Microsoft issued just one security update, a 14-patch fix for PowerPoint.

Of the 10 updates Microsoft announced today in its monthly advance notification, six will affect Windows, and one each will patch problems in Internet Explorer (IE), Word, Excel and Microsoft Office. Six of the 10 were marked "critical," Microsoft's highest threat ranking, while three were judged "moderate" and one as "important."

The six critical updates will patch Windows (which gets two of the updates), IE, Word, Excel and Office.

"The red flag is going to be [the] IE [update]." said Storms. "It's critical, it's on all versions [of Windows], and it's even critical in Vista for IE7 and IE8."

IE8, which was released in March, is Microsoft's most security-conscious browser yet. Tuesday's update will provide the first-ever production patches for IE8.

Storms also pointed out that it looks like Microsoft won't protect Mac users this month. "We don't have the PowerPoint for the Mac patches," he said after reviewing the advance notice. Last month, Microsoft took the unusual step of patching the Windows versions of PowerPoint, but not the Mac editions, saying that it didn't want to postpone the update to await Mac fixes.

Attackers had been exploiting the PowerPoint bug in Windows since at least early April. "[But] none of the exploit samples we have analysed will reliably exploit the Mac version, so we didn't want to hold the Windows security update while we wait for Mac packages," Jonathan Ness, an engineer at the Microsoft Security Response Center, explained last month.

http://www.techworld.com/security/ne...&NewsID=116989

06-05-2009, 01:30 PM	#1 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,499 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Another bumper Patch Tuesday on the way Microsoft is set for a bumper Patch Tuesday next week with 10 security updates planned. The company is looking to fix serious bugs in Windows, Internet Explorer (IE), Word and Excel. If the company follows through on its plans - sometimes Microsoft ditches an update at the last minute - next week's Patch Tuesday will be the largest since October 2008. "We're back to a normal load," said Andrew Storms, director of security operations at nCircle Network Security. "Some may think of it as pretty big, but really, for anyone who's dealt with Patch Tuesday for the last five years, it's what we should be expecting." Last month, Microsoft issued just one security update, a 14-patch fix for PowerPoint. Of the 10 updates Microsoft announced today in its monthly advance notification, six will affect Windows, and one each will patch problems in Internet Explorer (IE), Word, Excel and Microsoft Office. Six of the 10 were marked "critical," Microsoft's highest threat ranking, while three were judged "moderate" and one as "important." The six critical updates will patch Windows (which gets two of the updates), IE, Word, Excel and Office. "The red flag is going to be [the] IE [update]." said Storms. "It's critical, it's on all versions [of Windows], and it's even critical in Vista for IE7 and IE8." IE8, which was released in March, is Microsoft's most security-conscious browser yet. Tuesday's update will provide the first-ever production patches for IE8. Storms also pointed out that it looks like Microsoft won't protect Mac users this month. "We don't have the PowerPoint for the Mac patches," he said after reviewing the advance notice. Last month, Microsoft took the unusual step of patching the Windows versions of PowerPoint, but not the Mac editions, saying that it didn't want to postpone the update to await Mac fixes. Attackers had been exploiting the PowerPoint bug in Windows since at least early April. "[But] none of the exploit samples we have analysed will reliably exploit the Mac version, so we didn't want to hold the Windows security update while we wait for Mac packages," Jonathan Ness, an engineer at the Microsoft Security Response Center, explained last month. http://www.techworld.com/security/ne...&NewsID=116989 __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner