Microsoft is to release 13 patches for its monthly update that will cover eight critical and five important vulnerabilities.
An advance bulletin confirmed that among the critical bulletins are fixes for outstanding vulnerabilities in the Server Message Block (SMB) network protocol and the FTP service in Internet Information Services.
Andrew Clarke, senior VP of Lumension, said: “Bulletin five presents an increased threat for ‘drive-by malware’ because it concerns the most current versions of Internet Explorer - versions seven and eight - on multiple operating system platforms, making this vulnerability a prime target for web-borne malware writers and malicious web operators.”
Of the batch, Clarke claimed that Bulletin 12 raises a red flag as it is labelled as critical and affects a large number of operating systems, core services and applications.
Clarke said: “Given its prevalence, it is most likely a low level vulnerability shared within the operating system itself that needs to be fixed. If exploited, it could allow the propagation of an internet worm without user action. Before deploying this patch into production environments, it is essential that IT administrators test it vigorously to ensure services are not impacted by unexpected results.”
He also recommended organisations pay close attention to the details listed in Bulletins seven and nine, which are labelled as ‘important’, to determine how critical they are within their business environments.
A statement by Microsoft said: “For October we are releasing 13 bulletins (eight critical and five important), addressing 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Most of these updates require a restart so please factor that into your deployment planning.”
A blog response by F-Secure said: “It's not exactly Friday the 13th-style mayhem, but there's going to be some patching madness coming up.”