Brace yourself for a bumper Patch Tuesday say experts
Next week's round of Patch Tuesday updates from Microsoft is set to be the biggest so far this year with 16 bulletins in total, five of which are rated Critical and nine as Important.
Most of the Critical bulletins are for Windows components and affect a range of supported systems. Karl Sigler, Threat Intelligence Manager at Trustwave says, "If you are currently running a supported version of Windows, you will want to update as soon as these updates become available. These are some of the nastier vulnerabilities we've seen in Windows in a while".
It's likely that one of these bulletins will address the OLE remote code execution for which a security advisory was published last month. Exploits have continued in the wild and it’s likely that two or three of the critical patches will address this according to Chris Goettl, product manager with enterprise systems specialist Shavlik.
There will be an update to .NET Framework too which Goettl says, "...usually means a little longer time on the maintenance window as those patches tend to take a little longer than the average OS patch to install".
Patches for the Windows 10 and Windows Server Technical Previews will be available in this round too which is a good opportunity to try out the update process on the new OS.
Wolfgang Kandek CTO of Qualsys points out that despite the large number of updates this month, "Overall the additional 16 bulletins will bring Microsoft's count up to 79, meaning that we will finish the year under 100 vulnerabilities, which is a bit lower than in 2013 and 2011 and probably on par with 2012".
Kandek believes that bulletin 2, which covers all versions of Internet Explorer from IE6 on Windows 2003 to IE11 on Windows 8.1, should be the highest priority for admins since there's a whole underground industry developing browser exploit kits.
The Important bulletins address Windows, the .NET runtime framework and Word along with the SharePoint and Exchange servers. If you have automatic updates turned on all of the required updates will be downloaded as they become available. A reboot will be needed to complete the installation.
Adobe has put out Flash updates on all but one of this year's patch Tuesdays, so you can add that to your list of things to do too.