Zero-day fixes star in biggest ever Patch Tuesday
13 updates (8 critical) in record haul
Microsoft is preparing its biggest ever Patch Tuesday update for next week.
The bumper batch of 13 bulletins collectively address 34 security flaws across a wide spectrum of Microsoft products. Eight of the baker's dozen bulletins earn the dread classification of critical, Microsoft's highest severity rating.
Two of these upcoming critical updates address the targets of active hacking attacks - a vulnerability in SMBv2 (Server Message Block, version 2) and a security flaw in the FTP component in Microsoft's IIS web server software.
Other patches cover IE, Office, developer tools, and SQL Server. All supported versions of Windows will need patching for one reason or another, including Windows 7. The operating system doesn't ship till 22 October but its RTM code needs patching ahead of that to defend against critical IE8-related security bugs.
The 13 bulletins compare with the previous high-water mark of 12, reached by Microsoft in February 2007 and equalled in October 2008.
Microsoft's pre-alert notice (which omits details pending the release of patches) can be found here. ®
I wish they'd actually impart some info though. I can't find anything that tells me how this affects SQL Server, for example.
Only one thing to say
Snow Leopard Bug.
I'm afraid that cock-up trumps anything anyone can rant about these patches.
I hate MS with a passion. However this looks like a good thing. They actually seem to be putting out stuff to fix a wad of critical issues. Sure they never have been the best, it but surely you have to applaud the improvement.