Unless you’re one of the eagle-eyed viewers that caught Microsoft’s slip last Friday, today is the first day you get to see this month’s batch of MS product patches. As expected, Microsoft only released five Important updates for Windows and Office products this month. While none of the updates fix overly critical issues, I’d still recommend you try to install them at your earliest convenience.
I suspect the two Office bulletins (which fix flaws in the way Office parses documents, like Excel files) pose the greatest risk. Unfortunately, users often seem to fall for the “good old” malicious Office document trick. That’s why, you should probably install these two Office related updates first — assuming you use Office applications. I’d then follow up with the two Windows updates, one of which fixes another one of those insecure DLL loading vulnerabilities that Microsoft has contended with the past year or so. Finally, if you use SharePoint, be sure to install its patch as well.
You can learn more about today’s updates in Microsoft’s September summary bulletin. As is normally the case with Microsoft updates, you should probably test the patches before deploying them in your production network — especially the ones that affect server software.
We’ll post more detailed alerts about Microsoft’s, and how to fix them, very shortly. – Corey Nachreiner, CISSP