Microsoft will release nine security bulletins next week, three of which are rated as critical.
With another five rated as important and one rated as moderate, the updates are for Windows, Internet Explorer, Office, .NET Framework and ASP.NET. This is also the first monthly patch release since the Trustworthy Computing Group was closed.
Russ Ernst, director of product management at Lumension, said: “The security group anyway is definitely still hard at work. Given the very nature of software, there has to be some kind of patch model. While time will tell, it appears Microsoft did a reorganisation that hopefully will ensure stronger patch delivery.
“Next week’s patch load will include the typical – another critical update for IE and a wide variety of software products will be impacted this month. Vulnerabilities discovered in most versions of Windows Server, Win 7 and 8 and the .NET framework make up this month’s 3 critical bulletins.
“Bulletin 4 is ranked moderate. This is a classification we haven’t seen for some time. It impacts a possible elevation of privilege in Microsoft Office IME. Bulletin 6 covers off on a possible remote code execution in Microsoft Office Web Apps and bulletin 9 is for a security feature bypass in ASP.NET.”
Karl Sigler, threat intelligence manager at Trustwave, said: “All supported Windows PC-based operating systems and Windows server-based operating systems are affected due to many of the Microsoft Windows bulletins are based on internal OS components.
“These include Windows operating systems as old as Windows Server 2003 and as new as Windows 8.1 and Windows Server 2012 R2. Since a restart will be required to install these updates, you may want to plan ahead for that during your scheduled maintenance window and plan on having an extra coffee break next Tuesday.”
