Another Big Microsoft Patch Tuesday Due Next Week

Microsoft is preparing another large Patch Tuesday security release this month, issuing nine bulletins that address a total of thirteen vulnerabilities. These patches target flaws affecting the Windows operating system (OS), Internet Information Services, and popular business suite Microsoft Office.

Importantly, four of the nine bulletins have been designated "critical," Microsoft's most serious rating. The other five are all marked "important" by the company's Security Response Center blog, Microsoft's second-highest rating.

Windows XP Users Most At-Risk

All three of the Redmond-based firm's recent operating systems are affected by the release (XP, Vista and Windows 7). In addition, Windows Server 2003 and 2008 as well as Office XP, 2003 and 2007 are included.

However, users of Windows 7 and Server 2008 R2 are safer than those running Windows XP, Vista or older systems.

"Organizations running Windows 7 and Server 2008 R2 are running much more secure environments and, as an added benefit, this Patch Tuesday will practically be a non-event for them," noted Lumension senior director of solutions and strategy, Don Leatham. (Source: cnet.com)

"Organizations stuck on Windows XP and Server 2003 need to take a hard look at the cost and risk factors associated with staying on these dated platforms."

Status of DLL Bulletin Unknown

Experts aren't yet sure if Microsoft will release a special bulletin addressing a surge in dynamic link library (DLL) flaws affecting Windows. The company recent unveiled a tool meant to help system administrators restrict the chance of infection.

"I expect some of the bulletins to address DLL Hijacking issues in Microsoft's own products," noted Wolfgang Kandek, chief technology officer at security firm Qualys.

"Currently it is only at the advisory level and users have to make an active decision to get protection against DLL Hijacking in third-party applications," he continued.

Kandek also noted that, given the fact that September is usually an "off" month for security bulletins, the nine outlined for next week represent a very substantial release. (Source: computerworld.com)