Microsoft Patch Tuesday Preview, January 2013

January 3, 2013

Today, in keeping with its usual schedule, Microsoft released its Security Bulletin Advanced Notification for January, previewing the security fixes it intends to release next Tuesday, January 8.   Microsoft plans to release seven security bulletins this month.  Six are for Windows and its components; two of these have a maximum severity rating of Critical, and the others are rated Important.  All  supported versions of Windows are affected.

The table below shows the breakdown of patches by Windows version and severity:

Windows Version Critical Important Moderate
Windows XP+SP3 1 2
Windows Vista 1 4
Windows Server 2003 2 1
Windows Server 2008 4 1
Windows 7 2 4
Windows Server 2008 R2 1 4 1
Windows 8 1 4
Windows RT 1 3
Windows Server 2012 4 1
Windows Server Core 1 4 1

One of the bulletins (Bulletin 2 in the preview announcement) also affects Microsoft Office, and is rated Critical.  There is an additional bulletin, rated Important, which applies to Microsoft server software: SharePoint, Groove, Expression Web, and System Center.

According to Microsoft, three of the Windows bulletins will require a system restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.

Update Thursday, 3 January, 22:00 EST

Unfortunately, it appears that none of the security bulletins that Microsoft announced addresses the recently-discovered vulnerability in Internet Explorer.   If you have not already done so, I recommend that you take some of the mitigation steps that Microsoft has suggested.


Microsoft Patch Tuesday Preview, December 2012

December 9, 2012

Thursday, in keeping with its usual schedule, Microsoft released its Security Bulletin Advanced Notification for December, previewing the security fixes it intends to release next Tuesday, December 11.   Microsoft plans to release seven security bulletins this month.  Five are for Windows and its components; three of these have a maximum severity rating of Critical, and the other two are rated Important.  All  supported versions of Windows are affected, including the recently-released Windows 8, Windows RT, and Windows Server 2012.

The table below shows the breakdown of patches by Windows version and severity:

Windows Version Critical Important Moderate
Windows XP+SP3 2 1
Windows Vista 3 1
Windows Server 2003 2 1
Windows Server 2008 2 1 1
Windows 7 3 1
Windows Server 2008 R2 2 2 1
Windows 8 2 1
Windows RT 2
Windows Server 2012 1 2 1
Windows Server Core 1 2

One oddity in this preview announcement is that, although one bulletin (Bulletin 1)  has patches for various versions of Internet Explorer, many of them have no severity rating assigned.  Perhaps this is related to Microsoft’s efforts to get users to upgrade from older versions of the browser, something that is a Very Good Idea, most especially for those of you who may still be using Internet Explorer 6 (shudder!).

There is also one bulletin that affects Microsoft Office, which is rated Critical; it also affects Word Viewer, as well as Exchange Server, Share Point Server, and Office Web Apps.  A final bulletin, rated Critical, affects only Exchange Server.

According to Microsoft, all five of the Windows bulletins will require a system restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.


Microsoft Patch Tuesday, July 2012

July 10, 2012

It’s time for Patch Tuesday again!  In keeping with its usual schedule, Microsoft has released this month’s batch of security bulletins and patches for Windows and related software.  For July, there are nine bulletins, for 15 identified vulnerabilities.  Six of the bulletins are for Windows and its components; three of these have a maximum severity rating of Critical, and the other two are rated Important.  All  supported versions of Windows are affected.  (For a breakdown of bulletins by severity and Windows version, please see this month’s preview post.)

There are also four bulletins that affect Microsoft Office, including Office for Mac and InfoPath.  One of these is rated Critical; the rest are rated Important.   Two of the four also apply to other Microsoft software; the affected packages are SharePoint Server, Groove Server, Visual Basic for Applications, Office Web Apps, and SharePoint Services & Foundation.

Further details, and download links, are in the Security Bulletin Summary for July  2012.  Microsoft says that four of the patch installations will definitely require a system restart, and that four of the others may require one, depending on the configuration of your system.  There is one, MS12-051, which Microsoft says “does not require a restart”.  When I first read this, I was initially impressed.  I had begun to doubt that it was possible to construct a patch for Windows software that could not possibly require a re-boot; then, however, I noticed the bulletin title, “Vulnerability in Microsoft Office for Mac”.  Ah, well …

As always, I recommend that you update your systems as soon as you conveniently can.

Update Tuesday, 10 July, 0:05 EST

The Internet Storm Center at the SANS Institute has published its usual review bulletin on this month’s Microsoft patches.


Microsoft Patch Tuesday Preview, July 2012

July 5, 2012

Today, in keeping with its usual schedule, Microsoft released its Security Bulletin Advanced Notification for July, previewing the security fixes it intends to release next Tuesday, July 10.   Microsoft plans to release nine security bulletins this month.  Six are for Windows and its components; three of these have a maximum severity rating of Critical, and the other three are rated Important.  All  supported versions of Windows are affected.   The table below shows the breakdown of patches by Windows version and severity:

Windows Version Critical Important Moderate
Windows XP+SP3 2 3
Windows Vista 3 3
Windows Server 2003 1 3 1
Windows Server 2008 1 3 2
Windows 7 3 3
Windows Server 2008 R2 1 3 2
Windows Server Core 3

There are also three bulletins that affect Microsoft Office, including Office for Mac and InfoPath.  All of these are rated Important.   Two of the three also apply to other Microsoft software; the affected packages are SharePoint Server, Groove Server, Visual Basic for Applications, Office Web Apps, and SharePoint Services & Foundation.

According to Microsoft, four of the Windows bulletins will require a system restart, and the other bulletins may require one, depending on your system’s configuration.  Two of the Office bulletins may require a restart, depending again on the system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.


%d bloggers like this: