September '10 Patch Tuesday: 9 Bulletins, 11 Vulnerabilities
UPDATE Sept 15: Details on the 9 security bulletins Microsoft released are available here.
As you may already know, Redmond-based software giant Microsoft rolls out patches and fixes for its products each second Tuesday of the month – that is why it is known as Patch Tuesday. The second Tuesday of this month is tomorrow, the 14th of September, 2010. Tomorrow Microsoft will roll out 9 security bulletins that are meant to address a grand total of 11 vulnerabilities.
SPONSORED LINKS
The 11 vulnerabilities in question plague the Microsoft Windows operating system (all versions of Windows, including Windows 7 and Windows Server 2008), the web server application Internet Information Services (IIS), and the Microsoft Office productivity suite (Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2007). 7 security bulletins have been rated by Microsoft as “important”; the remaining 4 bulletins carry the “critical” rating.
Microsoft uses a 4-tier rating system: low, moderate, important and critical. A vulnerability is rated as important when it could compromise the confidentiality, integrity, or availability of user data or when it could compromise the integrity or availability of processing resources, if exploited by a person with malicious intent. A vulnerability is rated as critical when it could be exploited to allow the propagation of an Internet worm without user action.
The vulnerabilities Microsoft will address this Path Tuesday can lead to remote code execution or elevation of privilege. An advance notification for the September security bulletin release has been posted online by Microsoft here. The notification provides additional details about these vulnerabilities.
“We recommend as always that customers review the [advance notification] summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible,” said Security Response Communications Manager, Carlene Chmaj.
Last month Microsoft rolled out a record number of security bulletins. During the August ’10 Patch Tuesday Microsoft rolled out 14 security bulletins that addressed a grand total of 34 vulnerabilities. These vulnerabilities affected the Windows operating system, the Office productivity suite, the Internet Explorer web browser, and the Silverlight web application framework. Out of the 14 security bulletins, 8 carried the critical rating and the remaining 6 carried the important rating.