Microsoft slates 7 security updates for next week, resurrects Exchange fix

Plans critical patches for Windows, Word and IE

CSO staff

Microsoft today announced it will release seven security updates on Tuesday, three of them critical, to patch Internet Explorer (IE), Windows, various pieces of the Office suite, and the SharePoint and Exchange server software.

The Exchange update was originally intended to ship last month, but Microsoft pulled it at the last minute because of a problem with the installer package for Exchange Server 2013.

The seven "bulletins," as Microsoft calls its updates, sketched out in today's advance notice were just half the number the Redmond, Wash., company shipped in November, and the fewest since September.

"This month is a bit quieter than last month's barrage," said Chris Goettl, Shavlik product manager, in an email.

Three of the seven were pegged critical, Microsoft's highest threat ranking; the remaining four were tapped as important, the next step down in the four-step scoring system.

Inevitably, one of the critical updates will patch all supported versions of Microsoft's IE, including the newest IE11, which accounted for 43% of all copies of IE used in November, according to Web measurement firm Net Applications. The fix for IE on Windows' client editions -- Vista, Windows 7 and Windows 8/8.1 -- was ranked critical for IE7, IE8, IE9, IE10 and IE11. The browser bundled with the preview of Windows 10 will also be patched, Microsoft said. The company has not given that browser an official name, but it will probably be dubbed IE12.

The other two critical updates will patch Windows Vista and Windows 7 -- but not the newer client operating systems -- and all editions of Microsoft Word, from 2007 through 2013 on Windows, and the sole still-supported Word 2011 on the Mac.

"Top patching priority will no doubt be the three critical issues," said Ross Barrett, senior manager of security engineering at Rapid7. Others circled the IE update as the first to apply, not surprisingly since that's the advice almost every month, what with IE's dominance in the browser market and its pervasiveness in business, where lucrative targets abound.

Last month, IE accounted for 59% of all browsers used worldwide, Net Applications said Monday.

Four other updates, all rated important, will quash bugs in every Windows edition; Exchange Server 2007 through 2013; all versions of Office in general, and Excel specifically, that run on Windows; and SharePoint Server 2010 and 2013, as well as Office Web Apps 2010 and 2013.

Microsoft will release the seven updates -- assuming it doesn't drop some as it did last month -- on Dec. 9 around 10 a.m. PT (1 p.m. ET).

This story, "Microsoft slates 7 security updates for next week, resurrects Exchange fix" was originally published by Computerworld.

Copyright © 2014 IDG Communications, Inc.
