Microsoft to release 16 bulletins with a critical fix release for Internet Explorer on its next Patch Tuesday


Microsoft has announced that it is to release 16 bulletins, addressing 49 vulnerabilities on its next Patch Tuesday.

Microsoft has announced that it is to release 16 bulletins, addressing 49 vulnerabilities on its next Patch Tuesday.

Scheduled for release on the 12th October, security response senior communications manager Carlene Chmaj said that the vulnerabilities cover Windows, Internet Explorer, Microsoft Office and the .NET Framework, with four of the bulletins carrying a critical rating, ten important and two are moderate.

Wolfgang Kandek, CTO of Qualys, said: “One of the critical updates is for Internet Explorer, applicable to version 6, 7 and 8; Microsoft Office is affected by two bulletins, one for Word and one for Excel on all platforms including Mac OS X. Each vulnerability is rated with a severity of ‘important', which is Microsoft's standard rating for file format vulnerabilities, as they require user interaction to be triggered. For the first time the new Microsoft Word 2010 is included in an advisory."

Jason Miller, data and security team leader at Shavlik Technologies, said: “Typically, Microsoft follows a light month of patches with a heavy month of patches, although, last month's ‘light' patch month contained nine new bulletins. This month will be particularly challenging for administrators as most patch scenarios will hit every machine on a network.”

Andrew Storms, director of security operations for nCircle, said: “October is usually a heavy month for Microsoft security bulletins and that trend definitely continues this year with a record setting 16 bulletins and 49 CVEs.

“The theory behind the larger October patch is that many industries go into ‘lock-down' mode with their critical infrastructure as the end of year approaches. Finance and retail sectors in particular are extremely careful with changes in the latter part of the year given the heavy volume of online shopping.

“The outstanding DLL load hijacking vulnerabilities are not specifically spelled out as being fixed this month. We'll have to wait and see how Microsoft chooses to address this issue.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike