Microsoft Patch Tuesday, December 2013

Microsoft today released its regular monthly batch of security updates for Windows and other software, summarized in the Security Bulletin Summary.  This month, there are 11 bulletins, addressing 24 identified vulnerabilities.  Five of the bulletins have a Critical severity rating; the other six are rated Important.  Six of the bulletins apply to Windows and its components and four apply to Microsoft Office.   There are also patches for Exchange, SharePoint, Office Web Apps, and Lync server software, as well as for some Microsoft developer tools. (The complete list of affected software is given in the Security Bulletin Summary, along with download links for the patches.)

All supported versions of Windows have at least two Critical bulletins.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version	Critical	Important	Moderate
Windows XP+SP3	3	2	—
Windows Vista	4	1	—
Windows Server 2003	2	3	—
Windows Server 2008	3	2	—
Windows 7	3	1	—
Windows Server 2008 R2	2	2	—
Windows 8	3	1	—
Windows RT	3	1	—
Windows Server 2012	2	2	—
Windows Server 2012 R2	2	2	—
Windows 8.1	3	1	—
Windows RT 8.1	3	1	—
Windows Server Core	3	1	—

One bulletin applicable to Office is rated Critical; the others are rated Important.

Microsoft says that four of the bulletins for Windows will definitely require a restart; the other bulletins may require one, depending on your system’s configuration.

The SANS Institute has published its usual post summarizing the updates, with their assessment of the severity of each bulletin.

Microsoft Patch Tuesday Preview, November 2013

On Thursday, in keeping with its usual schedule,  Microsoft released the Security Bulletin Advanced Notification for November 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, November 12, 2013.   This month there are eight bulletins in all; three of these have a maximum security rating of Critical; the others are rated Important.  Six of the bulletins affect Windows and its components.  Two bulletins affect Microsoft Office.   More details on specific versions are given in the Advanced Notification.

All supported versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version	Critical	Important	Moderate
Windows XP+SP3	3	2	—
Windows Vista	3	2	—
Windows Server 2003	1	3	1
Windows Server 2008	1	3	1
Windows 7	3	2	—
Windows Server 2008 R2	1	3	1
Windows 8	3	3	—
Windows RT	3	1	—
Windows Server 2012	1	4	1
Windows Server 2012 R2	1	4	1
Windows 8.1	3	3	—
Windows RT 8.1	3	1	—
Windows Server Core	1	3	—

The bulletins for Office are rated Important.

Microsoft says that five of the bulletins for Windows will definitely require a restart; the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  If there are significant changes, I will post a note here once the actual updates are available.

Microsoft Patch Tuesday Preview, October 2013

Today, in keeping with its usual schedule,  Microsoft released the Security Bulletin Advanced Notification for October 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, October 8, 2013.   This month there are eight bulletins in all; four of these have a maximum security rating of Critical; the others are rated Important.  Four of the bulletins affect Windows and its components.  Three bulletins affect Microsoft Office (including Office for Mac); one of these also affects Microsoft’s SharePoint server.  A final bulletin affects Microsoft’s Silverlight.   More details on specific versions are given in the Advanced Notification.

All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version	Critical	Important	Moderate
Windows XP+SP3	4	—	—
Windows Vista	4	—	—
Windows Server 2003	3	—	1
Windows Server 2008	3	—	1
Windows 7	4	—	—
Windows Server 2008 R2	3	—	1
Windows 8	4	—	—
Windows RT	2	1	—
Windows Server 2012	3	—	1
Windows Server 2012 R2	—	1	—
Windows 8.1	1	—	—
Windows RT 8.1	1	—	—
Windows Server Core	3	—	—

The bulletins for Office and Slverlight are rated Important.

Microsoft says that three of the bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  If there are significant changes, I will post a note here once the actual updates are available.

Microsoft Patch Tuesday Preview, September 2013

Today, in keeping with its usual schedule,  Microsoft released the Security Bulletin Advanced Notification for September 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, September 10, 2013.   This month there are fourteen bulletins in all; four of these have a maximum security rating of Critical; the other ten are rated Important.  Seven of the bulletins affect Windows and its components.  Seven bulletins affect Microsoft Office (including Office for Mac); one of these also affects Microsoft’s SharePoint server.  More details on specific versions are given in the Advanced Notification.

All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version	Critical	Important	Moderate
Windows XP+SP3	2	3	—
Windows Vista	1	3	—
Windows Server 2003	1	3	1
Windows Server 2008	—	3	1
Windows 7	1	4	—
Windows Server 2008 R2	—	4	1
Windows 8	1	3	—
Windows RT	1	2	—
Windows Server 2012	—	3	1
Windows Server Core	—	4	—

Two of the bulletins for Office are rated Critical; the other five are rated Important.

Microsoft says that three of the bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  I will post a note here once the actual updates are available.

Microsoft Patch Tuesday Preview, August 2013

Thursday, in keeping with its usual schedule,  Microsoft released the Security Bulletin Advanced Notification for August 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, August 13, 2013.   This month there are eight bulletins in all; three of these have a maximum security rating of Critical; the other five are rated Important.  Seven of the bulletins affect Windows and its components; the eighth affects Exchange Server.

All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version	Critical	Important	Moderate
Windows XP+SP3	2	2	—
Windows Vista	1	3	—
Windows Server 2003	1	2	1
Windows Server 2008	—	4	1
Windows 7	1	3	—
Windows Server 2008 R2	—	4	1
Windows 8	1	3	—
Windows RT	1	2	—
Windows Server 2012	—	4	1
Windows Server Core	—	3	—

The remaining bulletin, which affects Exchange Server, is rated Critical.

Microsoft says that five of the Windows bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  I will post a note here once the actual updates are available.