Microsoft Subnet An independent Microsoft community View more

Microsoft: 16 security patches coming Tuesday, 4 critical for Windows 7

Patches for Windows Server 2008 R2, Internet Explorer 8 and Office apps are on the list, too.

The next Patch Tuesday will be huge. Microsoft expects to push out 16 patches total that address a whopping 49 holes all over the place, including Windows 7 and Windows Server 2008.

Overall, four of the patches are rated critical, 10 are rated Important and two rated moderate. Most patches will require a restart.

Windows 7 will get all four of those critical patches, though one of them is really to fix Internet Explorer 8. Windows Server 2008 R2 is scheduled to have two critical patches. Microsoft Office and SharePoint will each get a few patches, all rated important.

Microsoft doesn't give a lot of details in its advance notification about what flaws it will be fixing -- just general information as to how many, how severe, which software products are affected and if they will require a reboot or not. But here's a link to the summary document anyway.

REVISED: Security analysts are already talking up the October "Halloween" Patch Tuesday as one of the scariest on record. I just got an e-mailed statement from Paul Henry, security analyst for patch management vendor Lumension. He said, "One of the largest patch loads we’ve seen this year is coming on the heels of recommendations from Microsoft around out-of-band patches, as well as Adobe’s huge announcement earlier this week encouraging users to quarantine 25 vulnerabilities in Reader and Acrobat. While administrators will have their hands full this week since Microsoft came out with an announcement recommending quarantining machines, it is also important to remember that it is always better to prevent infection than to have to clean it up afterwards."

The fixes also don't always align with the most recent security advisories Microsoft. I asked Henry if he had expectation that Microsoft would be using this giant patch cycle to fix some of the recent outstanding security issues that folks have been hit with. He was skeptical. Microsoft did already issue an out-of-band patch in September for an ASP.Net vulnerability -- that it warned users about. It was rated important.

As usual, I will post a summary of the Patch Tuesday fixes, links to the patches and cover anything above-and-beyond that Microsoft users need to know.

Check out these other posts from Microsoft Subnet

Like RSS? Subscribe to all Microsoft Subnet bloggers. bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.) All Microsoft Subnet bloggers on Twitter @microsoftsubnet

Like e-mail? Sign up for the

Like Twitter? Follow

Follow Julie Bort on Twitter @Julie188 or connect with me on my Facebook Like Page

Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies