Microsoft Patch Tuesday Preview, August 2013

Thursday, in keeping with its usual schedule,  Microsoft released the Security Bulletin Advanced Notification for August 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, August 13, 2013.   This month there are eight bulletins in all; three of these have a maximum security rating of Critical; the other five are rated Important.  Seven of the bulletins affect Windows and its components; the eighth affects Exchange Server.

All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version	Critical	Important	Moderate
Windows XP+SP3	2	2	—
Windows Vista	1	3	—
Windows Server 2003	1	2	1
Windows Server 2008	—	4	1
Windows 7	1	3	—
Windows Server 2008 R2	—	4	1
Windows 8	1	3	—
Windows RT	1	2	—
Windows Server 2012	—	4	1
Windows Server Core	—	3	—

The remaining bulletin, which affects Exchange Server, is rated Critical.

Microsoft says that five of the Windows bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  I will post a note here once the actual updates are available.

Microsoft Patch Tuesday Preview, February 2013

Today, in keeping with its usual schedule, Microsoft released its Security Bulletin Advanced Notification for February, previewing the security fixes it intends to release next Tuesday, February 12.   Microsoft plans to release eleven security bulletins this month.  Nine are for Windows and its components; four of these have a maximum severity rating of Critical, and the others are rated Important.  All  supported versions of Windows are affected.

The table below shows the breakdown of patches by Windows version and severity:

Windows Version	Critical	Important	Moderate
Windows XP+SP3	4	3	—
Windows Vista	3	4	—
Windows Server 2003	2	3	1
Windows Server 2008	2	4	1
Windows 7	2	4	1
Windows Server 2008 R2	1	6	1
Windows 8	2	3	1
Windows RT	2	3	—
Windows Server 2012	1	5	1
Windows Server Core	—	6	—

There are also two bulletins that affect Microsoft server software: one, rated Critical, is for Exchange Server, and the other, rated Important, is for the FAST Search Server.

According to Microsoft, seven of the Windows bulletins will require a system restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.

Microsoft Patch Tuesday Preview, December 2012

Thursday, in keeping with its usual schedule, Microsoft released its Security Bulletin Advanced Notification for December, previewing the security fixes it intends to release next Tuesday, December 11.   Microsoft plans to release seven security bulletins this month.  Five are for Windows and its components; three of these have a maximum severity rating of Critical, and the other two are rated Important.  All  supported versions of Windows are affected, including the recently-released Windows 8, Windows RT, and Windows Server 2012.

The table below shows the breakdown of patches by Windows version and severity:

Windows Version	Critical	Important	Moderate
Windows XP+SP3	2	1	—
Windows Vista	3	1	—
Windows Server 2003	2	1	—
Windows Server 2008	2	1	1
Windows 7	3	1	—
Windows Server 2008 R2	2	2	1
Windows 8	2	1	—
Windows RT	2	—	—
Windows Server 2012	1	2	1
Windows Server Core	1	2	—

One oddity in this preview announcement is that, although one bulletin (Bulletin 1)  has patches for various versions of Internet Explorer, many of them have no severity rating assigned.  Perhaps this is related to Microsoft’s efforts to get users to upgrade from older versions of the browser, something that is a Very Good Idea, most especially for those of you who may still be using Internet Explorer 6 (shudder!).

There is also one bulletin that affects Microsoft Office, which is rated Critical; it also affects Word Viewer, as well as Exchange Server, Share Point Server, and Office Web Apps.  A final bulletin, rated Critical, affects only Exchange Server.

According to Microsoft, all five of the Windows bulletins will require a system restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.

Microsoft Patch Tuesday, August 2012

It’s that time of the month again.  In keeping with its usual schedule, Microsoft has released this month’s batch of security bulletins and patches for Windows and related software.  For August, there are nine bulletins, for 15 identified vulnerabilities.  Five of the bulletins are for Windows and its components; three of these have a maximum severity rating of Critical, and the other two are rated Important.  All  supported versions of Windows are affected.  (For a breakdown of bulletins by severity and Windows version, please see this month’s preview post.)

There are also three bulletins that affect Microsoft Office. One of these, which is rated Critical, also applies to server software components, including SQL Server. as well as to Visual FoxPro and Visual Basic. The other two Office bulletins are rated Important. Finally, there is one bulletin, rated Critical, for Microsoft Exchange Server.

Further details, and download links, are in the Security Bulletin Summary for August  2012.  Microsoft says that four of the patch installations will definitely require a system restart, and that the others may require one, depending on the configuration of your system.

As always, I recommend that you update your systems as soon as you conveniently can.

Update Tuesday, 14 August, 22:17 EDT

The folks at the SANS Internet Storm Center have posted their customary evaluation of this month’s bulletins, along with their own severity ratings.