The November 2014 Patch Tuesday is upon us and Microsoft is set to roll out several security updates today for various products. Microsoft has issued sixteen security bulletins, and Windows 10, Microsoft’s latest operating system that is under testing right now, is set to receive four security updates.
Five of these security bulletins address Remote Code Execution (RCE), a type of vulnerability that attackers really love to use. The sixteen bulletins will bring Microsoft’s total count up to 79 for the year. This is lower than the 2013 year. Here is a quick rundown of what the crucial bulletins contain:
- Bulletin #1 is rated critical for all version of Windows and has RCE potential, i.e. the type of vulnerability that allows an attacker to take control over the affected machine.
- Bulletin #2, critical as well and covers all versions of Internet Explorer from IE6 on Windows 2003 to IE11 on Windows 8.1. This is will be our highest priority bulletin, since attacks through the browser are so effective that a whole industry is developing black market solutions, the so-called Exploit Kits.
- Bulletin #3 addresses again an RCE type vulnerability present in all version of Windows. Again critical to patch as soon as possible.
- Bulletin #4 covers a vulnerability that is rated critical on desktop systems and only important on server type operating systems, where some additional mitigation technology is lowering the risk.
- Bulletin #5 is a bit odd, and is rated critical on server type operating systems, but has no criticality rating on desktop type systems, even though they seem to contain the vulnerability.
- Bulletin #6 is for Microsoft Word 2007 and addresses an RCE type vulnerability, which should be high on your list of fixes to schedule.
The rest of the bulletins are mostly rated Important and address Windows, the .NET runtime framework, Word and the SharePoint and Exchange servers.
Windows 10 is slated to receive four security updates, being affected by Bulletins 1, 2, 4, and 5. “Windows Technical Preview and Windows Server Technical Preview are affected. Customers running these operating systems are encouraged to apply the update, which will be available via Windows Update,” Microsoft explains.
Patch Tuesday takes place in just a few hours, so keep an eye on Windows Update. If you have Automatic Updates enabled, you don’t have to lift a finger. A reboot will likely be required.
We also recommend visiting the VIA link below to read more about today’s security updates.