13 security updates on the forthcoming Microsoft Patch Tuesday
Microsoft has announced 13 bulletins for the forthcoming Patch Tuesday on the 13th of October. Eight of the bulletins describe critical holes in Windows, Office, Silverlight, Forefront, SQL Server and Microsoft's Developer Tools. Five of the holes affect Windows 7, which means that the first security updates will have been released before Windows 7 officially goes on sale, although the operating system has been available to download via MSDN for several weeks and is already in production use with a number of customers.
Microsoft has not made an official statement about the total number of holes closed by the forthcoming updates. According to the Security Response Center, the vendor plans to close the critical hole in the SMBv2 implementation. That hole has been known for several weeks and there are several exploits in circulation that allow attackers to remotely take control of a system. The hole in the FTP server under IIS5 and IIS6, discovered at the end of August, will also be closed.
Next Tuesday is also a scheduled patch day for Adobe, which plans to release security updates for Reader and Acrobat. Thankfully, Oracle has not scheduled its next patch day for the second Tuesday of the month as well, or else company admins would probably be patching and booting into the small hours. Oracle's CPU is planned for the 20th of October.
- Adobe users under fire again
- Adobe and Oracle delay their patch days
- FTP service of Microsoft IIS 5 and 6 vulnerable to attacks
- Exploit published for SMB2 vulnerability in Windows