The next Patch Tuesday will be huge. Microsoft expects to push out 16 patches total that address a whopping 49 holes all over the place, including Windows 7 and Windows Server 2008.
Overall, four of the patches are rated critical, 10 are rated Important and two rated moderate. Most patches will require a restart.
Windows 7 will get all four of those critical patches, though one of them is really to fix Internet Explorer 8. Windows Server 2008 R2 is scheduled to have two critical patches. Microsoft Office and SharePoint will each get a few patches, all rated important.
Microsoft doesn't give a lot of details in its advance notification about what flaws it will be fixing -- just general information as to how many, how severe, which software products are affected and if they will require a reboot or not. But here's a link to the summary document anyway.
REVISED: Security analysts are already talking up the October "Halloween" Patch Tuesday as one of the scariest on record. I just got an e-mailed statement from Paul Henry, security analyst for patch management vendor Lumension. He said, "One of the largest patch loads we’ve seen this year is coming on the heels of recommendations from Microsoft around out-of-band patches, as well as Adobe’s huge announcement earlier this week encouraging users to quarantine 25 vulnerabilities in Reader and Acrobat. While administrators will have their hands full this week since Microsoft came out with an announcement recommending quarantining machines, it is also important to remember that it is always better to prevent infection than to have to clean it up afterwards."
The fixes also don't always align with the most recent security advisories Microsoft. I asked Henry if he had expectation that Microsoft would be using this giant patch cycle to fix some of the recent outstanding security issues that folks have been hit with. He was skeptical. Microsoft did already issue an out-of-band patch in September for an ASP.Net vulnerability -- that it warned users about. It was rated important.
As usual, I will post a summary of the Patch Tuesday fixes, links to the patches and cover anything above-and-beyond that Microsoft users need to know.
Check out these other posts from Microsoft Subnet
- All of today's Microsoft news and blogs
- Microsoft Proposes Each PC Needs A Health Certificate or No Net Access Allowed
- Troubleshooting database problems
- Bill Gates, Microsoft call on you to contribute to education reform
- Microsoft is nearly invisible in the mainstream press
- Carry an instant Windows 7 hotspot in your pocket
- Microsoft beat up, then defended over ancient IE8 zero-day
Like RSS? Subscribe to all Microsoft Subnet bloggers.
Like e-mail? Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
Like Twitter? Follow All Microsoft Subnet bloggers on Twitter @microsoftsubnet
Julie Bort is the editor of Microsoft Subnet and Network World's Online Community Editor. She also writes the Open Source Subnet blog and is the editor responsible for the Cisco Subnet and Open Source Subnet web sites. If you have an idea for a blog, or a news tip on Microsoft, Cisco or Open Source technologies, contact her at firstname.lastname@example.org, 970-482-6454 or follow Julie on Twitter @Julie188.
The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited