Three critical fixes in store for MS November Patch Tuesday
Has another crack at some October uberpatch flaws
Microsoft plans to deliver six updates - three critical - as part of its November Patch Tuesday cycle.
All three of the critical updates due on 10 November involve patches for Windows. Tuesday is also due to bring two "important" (ie. slightly lower risk) updates for Office and another "important" Windows-related security fix, according to MS's pre-alert advisory.
As is the local custom, Redmond is holding back details of the flaws to be fixed until the patches are delivered. However from details of the affected software packages it looks like Win 7 machines are in the clear and will not need patching, at least against operating system flaws. One of the critical Windows updates affects Vista while a separate (critical) flaw is bad news for systems running XP or Server 2003.
November's patch batch follows a bumper crop of 13 bulletins that collectively tackled 34 security flaws across a wide range of Microsoft products last month.
Predictably enough the large patch batch failed to run altogether smoothly. On Monday (2 November) Microsoft re-patched Internet Explorer, marking the third time it was obliged to repair one of the updates from its October 2009 uberbatch. The tweaked update addressed problems experienced in displaying web pages by some customers who had applied the MS09-054 patch, as explained here.
Andrew Clarke, senior VP at patching specialist Lumension, reckons three of the updates due out of Tuesday may also be aimed at tackling glitches with the October patch batch.
"Microsoft is delivering three critical patches and three important patches, none of which impact Windows 7," Clarke said. "Three of the November patches, however, appear to be updates to or re-releases of patches that were issued last month including Live Communications Server 2005 and Office Communications Server 2007, as well as scenarios involving the usage of Windows Server Update Services or running Microsoft Office Access Runtime 2003." ®
Sponsored: Today’s most dangerous security threats