Microsoft has a hefty batch of patches in store for this month.
Patch Tuesday, which occurs on the second Tuesday of each month, is Microsoft’s regular date for rolling out the latest bug fixes, patches and other updates to its software. On Tuesday, the company will launch 16 patches to shore up holes in Windows, Internet Explorer and Office.
Five of the patches are rated as critical, which means the bugs they are fixing could allow attackers to execute code from a remote location to access and take control of a computer. Microsoft describes a critical patch as follows: “A vulnerability whose exploitation could allow code execution without user interaction. These scenarios include self-propagating malware (e.g. network worms), or unavoidable common use scenarios where code execution occurs without warnings or prompts. This could mean browsing to a web page or opening email.”
Basically, without the patches, you could open a malicious webpage or email attachment and infect your computer.
The five critical vulnerabilities all affect specific versions of Microsoft Windows, including Windows 7, Windows 8, Windows RT, and Windows Server. One of them also affects Internet Explorer versions 7 through 11.
“We are looking at a substantial Patch Tuesday from Microsoft for November,” Wolfgang Kandek, chief technology officer of security firm Qualys, said in a statement. “Microsoft will publish 16 bulletins, with five of them allowing Remote Code Execution (RCE) — the type of vulnerability that attackers are particularly fond of. Overall the additional 16 bulletins will bring Microsoft’s count up to 79, meaning that we will finish the year under 100 vulnerabilities, which is a bit lower than in 2013 and 2011 and probably on par with 2012.”
Windows users who have Automatic Updates enabled don’t need to do anything manually. The updates will automatically install on Tuesday as they become available. However, some of the updates do require a restart, so you’ll have to reboot your PC after they’re installed.
Another nine of the patches are rated as important, which means the bugs they fix are not as severe as the critical ones, but the patches should still be installed to keep your computer fully protected. These affect Windows and Office as well as Microsoft Exchange. Important updates are also installed automatically if you have Automatic Updates enabled.
Two of the patches are rated as moderate, which indicates a much lower risk. But even moderate patches should be installed, Microsoft advises.
With Automatic Updates enabled, individuals should find the process fairly painless. But IT administrators who must test the updates before they roll them out across their networks will have some work ahead of them, according to Chris Goettl, product manager with IT management provider Shavlik.
“Although Microsoft usually staggers its patches, alternating between OS and app updates, it looks like nearly all machines will have at least a few critical updates to apply, including .NET Framework, Office 2007, Exchange and SharePoint,” Shavlik said in a statement. “Exchange and SharePoint being in the mix means that there will be a need for some thorough testing before rolling out updates.”