Microsoft has posted its Advanced Notification about this month’s Patch Tuesday security updates, scheduled for October 9. It includes seven bulletins addressing issues in Office, SharePoint Server, SQL Server and Windows.
“Microsoft is planning a light October edition of its regular Patch Tuesday updates next week that focuses on Office flaws and features just one critical patch,” John Leyden writes for The Register. “The critical bulletin features a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps. Office for Mac is not affected.”
Computerworld quotes security expert Wolfgang Kandek who noted, “[A critical rating] is not very common for Office vulnerabilities and typically indicates that no user interaction, such as opening an affected file, is required to trigger the vulnerability.”
CRN’s Ken Presti observed, “Because Microsoft Office is so pervasive, this update will impact a lot of users, including companies of all sizes and even individual home users.”
According to Fierce CIO, “Paul Henry, security and forensic analyst for Lumension, pointed out how Microsoft is seeing the fruit of its security coding initiatives. There were 82 patches total at this point last year, compared to just 70 patches this year, according to Henry, who noted, ‘That’s a pretty nice drop in vulnerabilities.'”