Microsoft has announced that it is to release 16 bulletins, addressing 49 vulnerabilities on its next Patch Tuesday.
The bulletins are scheduled for release on the 12th October. Security response senior communications manager Carlene Chmaj said that the vulnerabilities cover Windows, Internet Explorer, Microsoft Office and the .NET Framework, with four of the bulletins rated critical, ten important and two moderate.
Wolfgang Kandek, CTO of Qualys, said: “One of the critical updates is for Internet Explorer, applicable to versions 6, 7 and 8; Microsoft Office is affected by two bulletins, one for Word and one for Excel on all platforms including Mac OS X. Each vulnerability is rated with a severity of ‘important’, which is Microsoft's standard rating for file format vulnerabilities, as they require user interaction to be triggered. For the first time the new Microsoft Word 2010 is included in an advisory.”
Jason Miller, data and security team leader at Shavlik Technologies, said: “Typically, Microsoft follows a light month of patches with a heavy month of patches, although, last month's ‘light’ patch month contained nine new bulletins. This month will be particularly challenging for administrators as most patch scenarios will hit every machine on a network.”
Andrew Storms, director of security operations for nCircle, said: “October is usually a heavy month for Microsoft security bulletins and that trend definitely continues this year with a record-setting 16 bulletins and 49 CVEs.
“The theory behind the larger October patch is that many industries go into ‘lock-down’ mode with their critical infrastructure as the end of year approaches. Finance and retail sectors in particular are extremely careful with changes in the latter part of the year given the heavy volume of online shopping.
“The outstanding DLL load hijacking vulnerabilities are not specifically spelled out as being fixed this month. We'll have to wait and see how Microsoft chooses to address this issue.”