Microsoft releasing flood of Windows security updates

**Glaswegian** · 10-09-2009, 02:49 PM

Microsoft will deliver its largest ever number of security updates to fix flaws in every version of Windows, as well as IE, Office, SQL Server, important developer tools and the enterprise grade Forefront Security client software.

Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system.

The company will ship a total of 13 updates next week, eight of them pegged 'critical', the highest threat ranking in its four step scoring system, beating the previous record of 12 updates shipped in February 2007 and again in October 2008.

"Thirteen is not a lucky number," said Andrew Storms, director of security operations at nCircle Network Security, reacting to the massive slate scheduled for 13 October. "They've been a busy bunch at Microsoft, that's for sure."

Storms was unable to parse today's advance notification, Microsoft's way of forewarning customers with the barest of details, including the number of updates, their ranking and the software they impact, to determine whether the company will patch the still unfixed vulnerability in SMB 2. "There's just too much data here to use the deduction method," said Storms. "But with all that's here, you have to imagine that it's going to be patched."

The bug in SMB (Server Message Block) 2, a Microsoft network file- and print-sharing protocol that ships with Windows, was first revealed by Microsoft on 7 September. Since then, attack code has gone public, although security researchers have not seen any attacks in the wild. The flaw affects Windows Vista, Windows Server 2008 and preview releases of Windows 7.

Of the 13 updates, Storms put the patches scheduled for SQL Server, Visual Studio and IE at the top of his list.

"The SQL Server update will affect a lot of people, especially those who use it as the backend for their Web sites. And the Visual Studio update makes me wonder if it's another fix for ATL," Storms said, referring to the Active Template Library (ATL) bug that Microsoft itself introduced in its popular development platform.

http://news.techworld.com/security/3...dates/?olo=rss

10-09-2009, 02:49 PM	#1 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,382 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Microsoft releasing flood of Windows security updates Microsoft will deliver its largest ever number of security updates to fix flaws in every version of Windows, as well as IE, Office, SQL Server, important developer tools and the enterprise grade Forefront Security client software. Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system. The company will ship a total of 13 updates next week, eight of them pegged 'critical', the highest threat ranking in its four step scoring system, beating the previous record of 12 updates shipped in February 2007 and again in October 2008. "Thirteen is not a lucky number," said Andrew Storms, director of security operations at nCircle Network Security, reacting to the massive slate scheduled for 13 October. "They've been a busy bunch at Microsoft, that's for sure." Storms was unable to parse today's advance notification, Microsoft's way of forewarning customers with the barest of details, including the number of updates, their ranking and the software they impact, to determine whether the company will patch the still unfixed vulnerability in SMB 2. "There's just too much data here to use the deduction method," said Storms. "But with all that's here, you have to imagine that it's going to be patched." The bug in SMB (Server Message Block) 2, a Microsoft network file- and print-sharing protocol that ships with Windows, was first revealed by Microsoft on 7 September. Since then, attack code has gone public, although security researchers have not seen any attacks in the wild. The flaw affects Windows Vista, Windows Server 2008 and preview releases of Windows 7. Of the 13 updates, Storms put the patches scheduled for SQL Server, Visual Studio and IE at the top of his list. "The SQL Server update will affect a lot of people, especially those who use it as the backend for their Web sites. And the Visual Studio update makes me wonder if it's another fix for ATL," Storms said, referring to the Active Template Library (ATL) bug that Microsoft itself introduced in its popular development platform. http://news.techworld.com/security/3...dates/?olo=rss __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner