Microsoft slates critical Windows, IE fixes for next week

It will be another double-digit patch month for IE, security professional predicts

patch internet explorer
Credit: CSO staff

Microsoft Thursday said it will release nine security updates next week, twice the number of last month, with fixes slated for Internet Explorer (IE), Windows, SharePoint Server, and Web app developer tools.

Three of the nine were rated "critical," Microsoft's most serious threat ranking. Five others were tagged "important," the next step down in the company's four-level scoring system, while the ninth was labeled "moderate."

Five of the updates were identified as fixing vulnerabilities that, if exploited, could result in "remote code execution," or in plainer English, let hackers compromise a system and install malware on the machine. Three others were to patch less dire "elevation of privilege" bugs.

"Bulletin 1," as Microsoft pegged the IE update in Thursday's advance notice of next week's Patch Tuesday releases, will repair all supported versions of the browser, from the aged IE6 on Windows Server 2003 to the newest, IE11, on Windows 7 and Windows 8.1. The fix for IE on Windows clients -- Vista, Windows 7 and Windows 8/8.1 -- was ranked critical but tapped as moderate on the server side.

Microsoft did not disclose the number of individual IE vulnerabilities it intends to patch on Tuesday, but in the last four months the company has quashed 147 bugs in the browser: 60 in June, 24 in July, 26 in August, and 37 in September.

"There is a strong likelihood [this month's IE update] will resolve a number of vulnerabilities in the double digits," Chris Goettl, product manager at Shavlik, said in an email, noting the trend.

Not surprisingly, Goettl and other security experts pushed the IE update to the top of their must-patch lists.

The two remaining critical updates will patch all supported editions of Windows, including the newest Windows 8.1 and the dominant corporate OS, Windows 7.

Important updates will affect Office 2007 and Office 2010 on Windows -- but not the newest Office 2013 -- Office for Mac 2011, and SharePoint Sever 2010; various versions of Windows, both client and server; and APS-.Net MVC, an open-source framework for building Web apps.

The single moderate bulletin is to patch the Japanese version of Office 2007's IME (input method editor), a Windows add-on that makes it easier to type on keyboards that don't have room for the thousands of characters used by some languages, like Japanese and Chinese.

Microsoft will release its nine security updates on Oct. 14 around 10 a.m. PT (1 p.m. ET).

This story, "Microsoft slates critical Windows, IE fixes for next week" was originally published by Computerworld.

To comment on this article and other InfoWorld content, visit InfoWorld's LinkedIn page, Facebook page and Twitter stream.
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.