Microsoft, if you’re listening, I’d really like you to stop breaking records on Patch Tuesday.
According to their advanced notification bulletin, Microsoft expects another record setting Patch Day on Tuesday, October 12. Specifically, they plan to release 16 security bulletins, which correct a total of 49 vulnerabilities in Windows, Office, Internet Explorer, and “Windows Server Software.” They rate four bulletins Critical, ten Important, and two Moderate.
Until now, last August’s Patch Day was the biggest patch day ever. Unfortunately, next Tuesday’s Patch Day will be even bigger. I recommend you inform your IT staff to have all hands on deck next Tuesday. Obviously, you’ll want to apply Microsoft’s Critical updates first, since they typically allow attackers to gain control of affected computers. However, Microsoft’s Important patches often pose significant risk as well, so patch those quickly too. If possible, plan to try to test and deploy all of Microsoft’s patches on Tuesday.
We’ll know more about these bulletins next Tuesday, and will publish alerts about them here. — Corey Nachreiner, CISSP