Microsoft Plans Largest Security Update in More than Three Years for Next Tuesday

Microsoft Plans Largest Security Update in More than Three Years for Next Tuesday- Microsoft announced yesterday that they would be issuing 16 security updates on Tuesday, November 11th around 1pm EST to patch the following:

  • Internet Explorer
  • Windows
  • Office
  • SharePoint Server
  • Exchange Server

This is the largest security update in over three years, and has been referred to as both “whopping” and “overwhelming” by Microsoft employees.

Of the 16 updates, referred to as “bulletins” by Microsoft, five were noted as “critical” which is Microsoft’s most serious threat ranking. Five were identified as fixing vulnerabilities that could result in “remote code execution,” if they were exploited. In Laymen’s terms, successful hackers could potentially hijack a system and install malware on the machine if these issues were not resolved.

Microsoft did not put a number to the individual Internet Explorer vulnerabilities it will patch, but in the last five months the company has taken care of 161 bugs in the browser (which is about 32 each month).  Microsoft will patch all versions of it’s Internet Explorer browser.

Other critical updates will tackle vulnerabilities in various sectors of Windows, including Bulletin 5, which affects only the server operating systems. Microsoft said that the one or more bugs being resolved in Bulletin 5 were not present in the client editions, but that they would still be updated to provide “additional defense-in-depth hardening” as protection against similar vulnerabilities that may potentially pop up in the future.

Fixes will be applied to SharePoint Server 2010 and Exchange Server 2007, 2010 and 2013 to deal with elevation of privilege flaws, and may require restarting the servers, often a risky deal for IT staffs as both SharePoint and Exchange are mission-critical systems that cannot be offline for very long.