Microsoft Promises Busy Patch Tuesday Next Week


After busy security events in recent months, Microsoft is again readying a slew of patches for release on Tuesday -- 16 of them overall with four rated "critical."

Microsoft (NASDAQ: MSFT) made the disclosures in its regular advance notice that it publishes the Thursday prior to its monthly Patch Tuesday security patch release.

The advance notice is meant to give security administrators at Microsoft customer businesses an indication of how much work they will need to do after the company releases its security bulletins on the second Tuesday of each month.

On the critical list this month are holes in Windows XP Service Pack 3 (SP3) -- the only currently supported version of XP at this point -- as well as in various editions of Windows Vista and Windows Server 2003 and 2008. Further, all four patches are ranked as critical for Windows 7.

Additionally, the coming patch release will be one of the largest on record for Microsoft.

"It's all trick no treat for network administrators this Halloween as Microsoft releases 16 security bulletins addressing 49 vulnerabilities -- four of which are critical, 10 are rated important and all include a restart," Paul Henry, a security and forensic analyst at researcher Lumension, said in an e-mail to

The heavy load of patches follows recent incidents when Microsoft was forced to ship two out-of-band (i.e., not released on Patch Tuesday) security patches.

Most recently, Microsoft rushed out a patch for ASP.NET, a popular Microsoft Web applications programming framework, in late September, after "limited" attacks were spotted on the Internet.

Most of the other patches to be released on Tuesday are rated as "important," one step down from "critical" on Microsoft's four-tiered security flaw ranking system. Besides the operating systems, some of the bulletins apply to supported versions of Microsoft Office, ranging from Office XP SP3 to Office 2007 and even Office 2010, as well as various viewers for Office documents. The flaws also affect Office for Mac 2004 and 2008.

Microsoft urged customers to prepare for testing and rolling out the patches as soon as they become available on Tuesday.

"It is important to remember that it is always better to prevent infection than to have to clean it up afterwards," Lumension's Henry added.

Stuart J. Johnston is a contributing writer at, the news service of, the network for technology professionals. Follow him on Twitter @stuartj1000.