We’re coming upon that time of the month again for Microsoft administrators; patch time.
According to the latest Advanced Notification page, our Microsoft friends plan on releasing seven security bulletins next Tuesday. The bulletins will including updates to fix security vulnerabilities in Windows, Office, Internet Explorer (IE), Silverlight, and some of their Server Software. They rate more than half (4/7) of the bulletins as Critical, which typically means remote attackers can likely exploit them to gain control of vulnerable computers.
At this point you’re probably quite familiar with the monthly update routine, and know you should prepare your IT team for Patch Day so that they can apply Microsoft’s fixes as soon as possible; especially the Critical ones.
As always, I highly recommend you take some extra time to test the updates before applying them. Lately, there have been a few more reported incidents of Microsoft patches causing issues. You should at least take the time to test the server related updates before deploying them to production machines.
I’ll know more about these bulletins next Tuesday, and will publish alerts about them then.
In an unrelated aside, some business travel has delay production of my weekly security news video. For those waiting, it will come out today, but it may be later in the afternoon. — Corey Nachreiner, CISSP