Feeds

Three critical fixes in store for MS November Patch Tuesday

Has another crack at some October uberpatch flaws

Protecting users from Firesheep and other Sidejacking attacks with SSL

Microsoft plans to deliver six updates - three critical - as part of its November Patch Tuesday cycle.

All three of the critical updates due on 10 November involve patches for Windows. Tuesday is also due to bring two "important" (ie. slightly lower risk) updates for Office and another "important" Windows-related security fix, according to MS's pre-alert advisory.

As is the local custom, Redmond is holding back details of the flaws to be fixed until the patches are delivered. However from details of the affected software packages it looks like Win 7 machines are in the clear and will not need patching, at least against operating system flaws. One of the critical Windows updates affects Vista while a separate (critical) flaw is bad news for systems running XP or Server 2003.

November's patch batch follows a bumper crop of 13 bulletins that collectively tackled 34 security flaws across a wide range of Microsoft products last month.

Predictably enough the large patch batch failed to run altogether smoothly. On Monday (2 November) Microsoft re-patched Internet Explorer, marking the third time it was obliged to repair one of the updates from its October 2009 uberbatch. The tweaked update addressed problems experienced in displaying web pages by some customers who had applied the MS09-054 patch, as explained here.

Andrew Clarke, senior VP at patching specialist Lumension, reckons three of the updates due out of Tuesday may also be aimed at tackling glitches with the October patch batch.

"Microsoft is delivering three critical patches and three important patches, none of which impact Windows 7," Clarke said. "Three of the November patches, however, appear to be updates to or re-releases of patches that were issued last month including Live Communications Server 2005 and Office Communications Server 2007, as well as scenarios involving the usage of Windows Server Update Services or running Microsoft Office Access Runtime 2003." ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.