Patch Tuesday: Expect 6 security fixes
After a record-breaking Patch Tuesday in October, November's security update
promises to be a bit lighter with six scheduled fixes, three deemed "critical" and three "important."
This month's patch rollout is expected to have five bulletins addressing remote code execution vulnerabilities, while the remaining fix will address denial-of-service issues.
The first scheduled fix will be a critical bulletin affecting Vista and Windows Server 2008. The second critical fix affects only Windows 2000. Meanwhile, the third and final critical item involves every Windows operating system except for Windows 7.
Microsoft expects to issue three important fixes, with the first bulletin affecting every OS except for Vista and Windows 7. The remaining two important fixes will address XP-based Microsoft Office applications, including Excel, Excel Viewer for Office 2003, 2007 Microsoft Office System, and Office for Mac 2004 and 2008.
Paul Henry, security and forensic analyst at Lumension, speculated that some of the fixes may be updates to or re-releases of security bulletins that were issued in October.
"These include Live Communications Server 2005 and Office Communications Server 2007, as well as scenarios involving the usage of Windows Server Update Services or running Microsoft Office Access Runtime 2003," he said.
Many experts are predicting that at least one of the Office Communication Server fixes will be included in the November patch slate, although Microsoft has not indicated so.
What won't likely be a surprise, however, is that all six patches will require a restart.
The Knowledge Base article for this month, as usual, outlines what nonsecurity updates IT pros should expect via Windows Server Update Services, Windows Update and Microsoft Update services.
Jabulani Leffall is a journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.