Microsoft Patch Tuesday, December 2013

December 10, 2013

Microsoft today released its regular monthly batch of security updates for Windows and other software, summarized in the Security Bulletin Summary.  This month, there are 11 bulletins, addressing 24 identified vulnerabilities.  Five of the bulletins have a Critical severity rating; the other six are rated Important.  Six of the bulletins apply to Windows and its components and four apply to Microsoft Office.   There are also patches for Exchange, SharePoint, Office Web Apps, and Lync server software, as well as for some Microsoft developer tools. (The complete list of affected software is given in the Security Bulletin Summary, along with download links for the patches.)

All supported versions of Windows have at least two Critical bulletins.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version Critical Important Moderate
Windows XP+SP3 3 2
Windows Vista 4 1
Windows Server 2003 2 3
Windows Server 2008 3 2
Windows 7 3 1
Windows Server 2008 R2 2 2
Windows 8 3 1
Windows RT 3 1
Windows Server 2012 2 2
Windows Server 2012 R2 2 2
Windows 8.1 3 1
Windows RT 8.1 3 1
Windows Server Core 3 1

One bulletin applicable to Office is rated Critical; the others are rated Important.

Microsoft says that four of the bulletins for Windows will definitely require a restart; the other bulletins may require one, depending on your system’s configuration.

The SANS Institute has published its usual post summarizing the updates, with their assessment of the severity of each bulletin.


Microsoft Patch Tuesday Preview, August 2012

August 10, 2012

Thursday, in keeping with its usual schedule, Microsoft released its Security Bulletin Advanced Notification for August, previewing the security fixes it intends to release next Tuesday, August 14.   Microsoft plans to release nine security bulletins this month.  Five are for Windows and its components; three of these have a maximum severity rating of Critical, and the other two are rated Important.  All  supported versions of Windows are affected.   The table below shows the breakdown of patches by Windows version and severity:

Windows Version Critical Important Moderate Low
Windows XP+SP3 3 2
Windows Vista 1 3
Windows Server 2003 1 1 1 1
Windows Server 2008 1 2 1
Windows 7 1 2 1
Windows Server 2008 R2 1 2 1
Windows Server Core 1 1

There are also three bulletins that affect Microsoft Office.  One of these, which is rated Critical, also applies to server software components, including SQL Server. as well as to Visual FoxPro and Visual Basic.  The other two Office bulletins are rated Important.   Finally, there is one bulletin, rated Critical, for Microsoft Exchange Server.

According to Microsoft, four of the Windows bulletins will require a system restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.


%d bloggers like this: