Articles about Patch Tuesday

An advance notification regarding Microsoft's Patch Tuesday promises eight security updates to Windows, Office, and IE vulnerabilities and eight more non-security related updates for Windows Update and Windows Server Update Services.

Five of the patches are rated as "Critical," the highest level of severity given to updates, and most of those patches affect Windows Vista and Windows Server 2008. The remaining three updates are classified as "Important." These updates may require a restart. There will also be eight high priority but non-security related updates on Windows Update and Windows Server Update Service.

Continue reading →

Compared with previous Patch Tuesdays, November's version was quite small with Microsoft releasing only two patches for the Windows operating system: one rated critical and the other important.

The critical patch addresses an issue with how the Windows shell handles URIs. A specially crafted URI could allow an attacker to execute arbitrary code due to an error in the way it is validated.

Continue reading →

Microsoft has announced that it will issue seven security bulletins on Tuesday, fixing issues in Windows, Office and Outlook Express. Four of the patches will cover "Critical" vulnerabilities while another three deal with problems rated "Important."

The four critical issues involve remote code execution on Windows and in Office. The Important fixes are for denial of service, spoofing and elevation of privilege flaws. Each month, Microsoft announces details of upcoming patches the week before, but does not go into specifics of what vulnerabilities are covered. Separately, three non-security, high-priority updates will be released Tuesday on Microsoft Update with another being delivered via Windows Update.

Continue reading →

Microsoft dropped one patch from its Patch Tuesday lineup, instead only releasing four patches, one of which was critical.

Based on the list provided by Microsoft last Thursday, it appears as if the company nixed the fix aimed at the company's SharePoint product. That patch would have repaired an issue concerning an elevation of privilege risk.

Continue reading →

By recent standards, September's Patch Tuesday will be mild, with only five patches and one being rated "critical."

In the past several months, Microsoft has dealt with more critical errors in its products with four in June, three in July, and six in August. However, this month, the only critical patch will be issued for a remote code execution issue within Windows.

Continue reading →

Yesterday afternoon, Microsoft's security engineers formally ruled out the possibility of its regular monthly "Patch Tuesday" update sequence as having triggered a worldwide outage of Skype VoIP communication service on Thursday, which lasted for about two days.

In a company blog post yesterday morning, Skype engineers disclosed that they suspected a wave of client-side reboots were triggered by Patch Tuesday at roughly the same time. The temporary reduction in P2P traffic capacity that followed, Villu Arak said, triggered a failure of the Skype VoIP network. This was after Arak had blamed an internal server software glitch, during the time of the outage.

Continue reading →

Microsoft plans to release nine patches as part of its August Patch Tuesday release, including six critical fixes for a host of code execution issues in several of its products. The patches will plug holes in XML Core Services, Windows, Internet Explorer, Office for both Windows and Mac, and Visual Basic.

In addition, three patches rated "important" will be released for two less severe code execution issues, and an elevation of privilege risk. The former patches are for Windows and Windows Vista, while the latter affects Virtual PC and Virtual Server. Microsoft said it planned to hold a webcast next Wednesday at 11:00am PT to discuss the releases.

Continue reading →

Microsoft is taking the guesswork out of Patch Tuesday by detailing the type and severity of patches in its new Advance Notification bulletins. The first of these is being used for July's Patch Tuesday. From the bulletin, it appears that Microsoft will issue six patches, three of which are be critical, two moderate, and one important. Patches will repair issues in Office, Windows, and the .NET Framework, including a specfic patch for Windows Vista.

Of the critical updates, remote code excution flaws in Excel, Windows, and the .NET Framework will be fixed. Both important patches will also fix remote code execution vulnerabilities in Publisher and Windows XP Professional. The final patch, rated moderate, will fix an information disclosure vulnerability within Windows Vista.

Continue reading →

Even if today's most prominent malicious software writers aren't particularly clever - waiting until security engineers discover another Windows problem then going after it with a "zero-day exploit" - engineers at McAfee's Avert Labs believe they may actually be learning about how to use timing to maximize their impact on the public.

The team is saying they believe malicious writers now tend to release their code on Microsoft's regular Patch Tuesday, in order to maximize its window of opportunity to exploit systems before the next month's Patch Tuesday rolls around.

Continue reading →

As part of its regular monthly update cycle, Microsoft plans to release five security fixes next Tuesday, of which at least two would be rated "critical." Four patches would be aimed at Microsoft Windows, while the remaining fix would be a critical patch for Microsoft Content Management Server. Still unpatched is a code-execution hole in Microsoft Word that the Redmond company has known about since mid-February.

That bug, along with a PowerPoint bug reported to Microsoft in July 2005 still remain unpatched, according to security firm FrSIRT. Aside from the security patches, two non-security updates would be issued through Windows Update, and four through Microsoft Update.

Continue reading →

Just one day before Valentine's Day, Microsoft plans to release twelve patches fixing a variety of issues in Windows, Office, Visual Studio, and several other applications. At least five of these patches will be rated "critical."

There could be an easy explanation for the unusually large size of Patch Tuesday this month. Four patches slated for release last month were dropped at the last hour, including a Windows-Visual Studio update that appeared in the advanced notification but never appeared.

Continue reading →

An eleventh hour change halved the number of expected security patches to four. However, missing from this month's updates are fixes for any of several zero-day attacks affecting the Microsoft Office suite.

No reasons were given for the change of plan, but when updates are pulled, quality assurance issues are generally the cause. One of the removed updates was for an Office flaw, but it is not clear whether the fix was for any of the aforementioned issues.

Continue reading →

Microsoft will issue six security patches next Tuesday, of which at least two will have a rating of critical. Missing from this list is a patch for a recently discovered zero-day flaw in Word: no updates are scheduled for the Office suite.

All of the patches except one will fix various issues for the Windows operating system, with one of those being critical. The sixth will be a critical patch for users of Microsoft's Visual Studio programming application.

Continue reading →

Microsoft said Thursday that it would release twelve patches as part of its August Patch Tuesday, with ten of them intended for Windows and two fixing issues in Microsoft Office. Both groups of patches are expected to have at least one "critical" issue.

Patches for Microsoft's flagship productivity suite have become a regular occurrence as a bevy of zero-day attacks have surfaced in recent months. The most recent was a PowerPoint exploit that appeared shortly after the July patch release.

Continue reading →

Microsoft released a bevy of critical updates Tuesday, with a focus on the multitude of Excel vulnerabilities that have sprung up over recent months.

Eight different flaws within the popular spreadsheet program were fixed in a single update, along with two critical flaws in Windows, two other critical issues affecting Office and other Microsoft programs, and "important" issues with the .NET Framework and IIS.

Continue reading →