Microsoft: 16 security patches coming Tuesday, 4 critical for Windows 7

Patches for Windows Server 2008 R2, Internet Explorer 8 and Office apps are on the list, too.

The next Patch Tuesday will be huge. Microsoft expects to push out 16 patches total that address a whopping 49 holes all over the place, including Windows 7 and Windows Server 2008.

Overall, four of the patches are rated critical, 10 are rated Important and two rated moderate. Most patches will require a restart.

Windows 7 will get all four of those critical patches, though one of them is really to fix Internet Explorer 8. Windows Server 2008 R2 is scheduled to have two critical patches. Microsoft Office and SharePoint will each get a few patches, all rated important.

Microsoft doesn't give a lot of details in its advance notification about what flaws it will be fixing -- just general information as to how many, how severe, which software products are affected and if they will require a reboot or not. But here's a link to the summary document anyway.

REVISED: Security analysts are already talking up the October "Halloween" Patch Tuesday as one of the scariest on record. I just got an e-mailed statement from Paul Henry, security analyst for patch management vendor Lumension. He said, "One of the largest patch loads we’ve seen this year is coming on the heels of recommendations from Microsoft around out-of-band patches, as well as Adobe’s huge announcement earlier this week encouraging users to quarantine 25 vulnerabilities in Reader and Acrobat. While administrators will have their hands full this week since Microsoft came out with an announcement recommending quarantining machines, it is also important to remember that it is always better to prevent infection than to have to clean it up afterwards."

The fixes also don't always align with the most recent security advisories Microsoft. I asked Henry if he had expectation that Microsoft would be using this giant patch cycle to fix some of the recent outstanding security issues that folks have been hit with. He was skeptical. Microsoft did already issue an out-of-band patch in September for an ASP.Net vulnerability -- that it warned users about. It was rated important.

As usual, I will post a summary of the Patch Tuesday fixes, links to the patches and cover anything above-and-beyond that Microsoft users need to know.

Check out these other posts from Microsoft Subnet

• All of today's Microsoft news and blogs
• Microsoft Proposes Each PC Needs A Health Certificate or No Net Access Allowed
• Troubleshooting database problems
• Bill Gates, Microsoft call on you to contribute to education reform
• Microsoft is nearly invisible in the mainstream press
• Carry an instant Windows 7 hotspot in your pocket
• Microsoft beat up, then defended over ancient IE8 zero-day

Like RSS? Subscribe to all Microsoft Subnet bloggers.
Like e-mail? Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
Like Twitter? Follow All Microsoft Subnet bloggers on Twitter @microsoftsubnet

Follow Julie Bort on Twitter @Julie188 or connect with me on my Facebook Like Page

• Microsoft

• 'windows 7

• Patch Tuesday

• Windows Server 2008 R2