Microsoft preps monster security update for next week

Will patch near-record 57 bugs in IE, Windows, Office and Exchange Server

By , Computerworld |  Windows, Microsoft, Microsoft patches

"I can see that, but I still don't understand why they didn't put [all the patches] in one bulletin and wrap installation with some logic," said Storms. "[The only thing I can think of] is one bulletin is for the core of IE, and one is for something used by IE."

Another expert, Lumension security and forensic analyst Paul Henry, theorized that one of the IE updates might be related to recent vulnerabilities in Oracle's Java. Like other browsers, IE relies on an Oracle-provided plug-in to parse Java code.

"It's possible that this is related to the recent and ongoing Java issues," said Henry in an email Thursday. "Microsoft has a very close relationship with Oracle, so it wouldn't surprise me if these bulletins include Java patches."

Last week, Oracle accelerated the release of its regularly-scheduled security update -- initially slated to ship Feb. 19 -- citing "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers."

Oracle's early update came in the aftermath of several embarrassing "zero-day" vulnerabilities -- and the emergency patches necessary to quash those bugs -- as well as harsh criticism leveled by security professionals against Oracle for its handling of Java's problems.

Next week's fifth critical update affects Exchange Server 2007 and Exchange Server 2010, the second- and third-most-recent versions of Microsoft's email server software.

While details were absent -- Microsoft's advanced notification is always bare bones -- Storms said the simple fact that the update was judged critical and for Exchange should be enough to raise the antenna of IT pros. "They always concern me because Exchange is the critical business application," said Storms.

A patch failure or compatibility problem in an Exchange update could conceivably knock out a firm's email, with all the resulting chaos that creates among workers, and the conflict between them and IT.

Microsoft will release next week's 12 security updates on Feb. 12 at approximately 1 p.m. ET.

Originally published on Computerworld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question