Microsoft's October Patch Release Advance Notice
After only a handful of patches were released with September's update Microsoft are expecting to release 11 patches for October.
Of the 11 patches, four attract Microsoft's highest rating, of Critical. These patches are expected for Windows, Host Integration Server, Office, and a cumulative Internet Explorer patch.
The six patches labelled as Important are all for Windows, while the Moderate patch will be for Office.
While it would be expected that all of the Critical patches are for remote code execution opportunities (and they are), some of the Important patches are also for remote code execution problems. Given that Microsoft has done this in the past, it suggests that the affected components are not present in a default Windows installation and that some level of user modification / configuration is required away from the standard installation in order for them to be vulnerable.
Users of Microsoft Office on OS X should also expect to receive updates for some of the Office vulnerabilities.
In addition to the routine updates to the Malicious Software Removal Tool, and the high-priority, non-security updates, Microsoft will be introducing the Exploitability Index alongside this month's patches. The tool was introduced at this year's Black Hat conference in Las Vegas. It will be interesting to watch to see if the addition of the Index provides any extra benefit to users and administrators, or if it merely identifies which vulnerabilities are more vulnerable to exploitation if left unpatched.
11 October 2008
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.Comments will soon be available for registered users.