Microsoft will release six bulletins next week for Patch Tuesday, including three critical bulletins focused on Windows security.
All totaled, 15 security vulnerabilities will be fixed in this release. Besides the critical Windows bulletins are three others rated “important.” Among them is a fourth bulletin impacting Windows. Unlike last month, none affect Windows 7, which was the subsect of several patches last month before it was released. The remaining two bulletins address issues in Microsoft Office.
“Customers should plan a restart for the Windows bulletins,” blogged Jerry Bryant, security program manager for Microsoft Security Response Center. “The Office bulletins may not require a restart if the components being updated are not in use.”
Earlier this week, Microsoft updated security bulletin MS09-054, which dealt with four vulnerabilities within Internet Explorer. The bulletin was part of a massive release of fixes Microsoft pushed out last month. The update for the bulletin fixed two issues that can affect the proper display of Web pages.
The upcoming bulletins will be released Nov. 10. Sheldon Malm, senior director of security strategy at Rapid7, predicted the most critical issue will be bulletin three, which affects Windows.
“We’ll see the details on Tuesday, but our sources unanimously suggest that bulletin three will be the issue that needs to be addressed first this month,” he said. “It has the potential for Remote Code Execution and is rated Critical on Windows 2000, XP and Server 2003; especially important on Vista and Server 2008…Customers are advised to take inventory of where Windows versions are within their environments so they can plan testing and roll out the patch for bulletin three as quickly as possible.”