Microsoft plans 8 fixes for October's Patch Tuesday

Microsoft will release eight patches, most having to do with remote code execution, in this month's Patch Tuesday release.

The company's advanced notification of the October monthly security bulletin addresses two "critical" and six "important" items covering a range of products including Microsoft .NET Windows, Internet Explorer, Forefront and Microsoft Host Integration Server.

Remote code execution dominates the risk profile for all but two of the items on the patch slate. The remaining two are denial-of-service and elevation-of-privilege considerations.

The first critical bulletin affects .NET and Silverlight.

Marcus Carey, a security researcher at Rapid7, opines that this patch, along with all critical items, needs to be examined closely.

"This bulletin looks very close to MS11-039, which was patched in August. When exploit developers look for bugs disclosed in products, they usually find similar bugs which result in the same type of vulnerabilities," he said.

As for the other, an often-patched Internet Explorer once again will be receiving a fix.

Speaking on the Internet Explorer item, Carey said attackers will continue to get users to click on links to malicious Web sites. He says to expect the attackers to continue to explore these browsers and plug-in weaknesses, which have been the bane of Microsoft's browser for some time.

Paul Henry, security and forensic analyst for Lumension, called October's predicted batch of fixes a "trick and treat" patch.

The Treat is that there are less critical items and more Windows fixes, he said. The trick is in the operational challenges of rebooting systems.

"Nearly all require a restart, which will cause widespread disruptions across both Internet-connected servers and user community desktops."

As usual, consult Microsoft Knowledge Base Article 894199 for more information.

About the Author

Jabulani Leffall is a journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

inside gcn

  • HPE SGI 8600

    New supercomputers headed to DOD

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group