Three 'Critical' Microsoft Patches Coming


Microsoft notified IT security administrators this week that it plans to release ten patches, three of them rated "critical," on Tuesday.

That will likely mean a little more work to install and test June's Patch Tuesday fixes than last month, when Microsoft (NASDAQ: MSFT) released only two critical patches. Microsoft releases most of its software patches on the second Tuesday of each month -- thus the term "Patch Tuesday."

The past two months have seen fewer fixes than usual. For instance, in April, Microsoft rolled out five fixes for a total of nine critical security vulnerabilities.

In February, however, Microsoft came close to breaking its all-time record of fixes in one Patch Tuesday release when it shipped 13 patches for 26 vulnerabilities. In that mammoth release, only five of the patches were rated "critical," which is Microsoft's highest severity rating.

In order to give IT administrators some warning of how much work they face when a new batch of patches comes out, Microsoft releases an advance notification on the Thursday before Patch Tuesday.

The three critical patches for June primarily affect Windows 2000, Windows XP, Windows Vista and Windows 7. However, one or more of them also critically affect some server versions of Windows, including Windows Server 2003 Service Pack 2 (SP2) and Windows Server 2008 SP2 for both 32-bit and 64-bit editions, according to the advance notification e-mail.

Most of the other patches, which range from "important" to "moderate" in severity, impact Microsoft Office XP, Office 2003 and Office 2007. The just-released Office 2010 is not listed as affected.

To administrators, that still means extra work to get all of the patches installed in a timely manner, according to two security experts.

"It might be summertime, but there's no sunshine expected from Microsoft next Tuesday. The impact will be felt enterprise-wide…so it is strongly suggested that IT administrators plan ahead and prioritize this patch load as soon as possible," Paul Henry, Lumension's security and forensic analyst, said in an e-mail to

That sentiment was seconded by Wolfgang Kandek, CTO at security researcher Qualys.

"The June release is a large update and will keep system administrators busy, even if they have migrated to Windows 7 already," he said in an e-mailed statement.

Microsoft will release its June patches on Tuesday, June 8.

Stuart J. Johnston is a contributing writer at, the news service of, the network for technology professionals.