IE bug fix not included in light Patch Tuesday
Only one 'critical' patch – for Office for Windows
Microsoft is planning a light Patch Tuesday for November with just three bulletins that collectively address a total of 11 security vulnerabilities.
The trio cover flaws in Office (and Powerpoint) for Windows, Office for Mac 2011 and Forefront Unified Access Gateway. The Office for Windows patch is rated critical while the other two updates are rated as important.
Wolfgang Kandek, CTO of net security services firm Qualys, said the critical Office update is something of a rarity.
"Most vulnerabilities on the Office suite are categorised as 'important' because they typically require user interaction to get a successful exploitation," Kandek explained. "'Critical' here indicates a vulnerability that can be used to take control of the target machine without user interaction, such as MS10-064, where visualising an email in Outlook's preview pane was sufficient to trigger the flaw."
The one critical update in three bulletin compares to the record crop of 16 bulletins - four critical - in October's Patch Batch.
Before sysadmins kick back and enjoy the weekend safe in the knowledge that, for a pleasant change, there's very little patching work ahead on them next week, it's worth remembering that a recently discovered zero-day vulnerability in Internet Explorer remains unfixed. The code execution bug has already cropped up in targeted attacks, Symantec warns.
Microsoft's November Patch Tuesday pre-alert notice can be found here. ®