Microsoft Readies 13 Security Bulletins for August Patch Cycle
Expect a busy August as Microsoft has released its advance bulletin of security fixes that contains 13 updates -- two "critical," nine "important" and two "moderate." The patch will cover a broad range of Microsoft OS platforms, Office and developer tools this month.
As usual, remote code execution exploit considerations led the pack and will affect four items. Additionally, there will be three information disclosure, three denial-of-service and three elevation-of-privilege bulletins this month.
The first critical item is a Windows Patch affecting every supported OS.
Marcus Carey, a security researcher at Rapid7 says that though only two of these are ranked "critical," the one related to Internet Explorer is key.
"It includes versions IE6, IE7, IE8 and IE9, and many of Microsoft's current operating systems, including Windows XP, Vista, 7, Server 2008 and Server 2008 R2," he said. "As a result, this bulletin is likely to be relevant to all corporate and home users."
The second (and last) critical bulletin expected in the slate for August is also a Windows patch, which will affect only Windows Server 2003 and 2008.
The nine important bulletins are expected to affect Microsoft Office, .NET Framework and Microsoft Developer Tools. These items cut across a wide swath of operating system editions but will most predominately affect Windows Server 2003 and 2008, and Windows 7, with limited (but notable) exposure to Windows XP and Vista platforms.
The important items will keep Windows IT pros really busy, according to Paul Henry, security and forensic analyst at Lumension, who said that the last month has been hectic from a security standpoint, especially for processing environments with a complex stack.
"Outside of Microsoft, IT teams are still recovering from the 78 patches released by Oracle on July 19 and the update to Apple Lion released on July 20th. Further, the parade of flaws in mobile platforms and apps continues this period -- Android, Apple and BlackBerry all have issues that need to be addressed," Henry said.
The first moderate item will touch .NET Framework for every supported OS.
The last moderate item is an OS-level patch and it affects Vista, Windows 7 and Windows Server 2008.
All bulletins in August's patch batch may require a restart.
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.