Tomorrow, Microsoft plans to launch Patch Day for the month of September. It appears relatively minor, especially when compared to last month.
According to their Advanced Notification post for September, Microsoft will only release five bulletins, fixing vulnerabilities in Windows and Office. None of the bulletins are Critical; Microsoft rates them all as Important.
Though Important bulletins fix less dangerous vulnerabilities than Critical bulletins do, the different between these severity ratings tends to have less to do with how much access an attacker gains, but rather more to do with how much user interaction the attack requires. In other words, Important updates still often fix flaws that could allow remote attackers to gain access to your system, only they typically rely on more user interaction to do so. My point is, you’ll still probably will want to install these Important updates as soon as Microsoft releases them.
I’ll know more about these bulletins on Tuesday, September 13. Be sure to return here tomorrow to hear more. — Corey Nachreiner, CISSP (@SecAdept)