November security update partly a do-over
A month after a record-setting batch of updates, the November ‘Patch Tuesday’ package will contain just six updates. Of those, at least three appear to be revisions or repetition of updates from the October release.
As usually, Microsoft hasn’t gone into extensive detail about next Tuesday’s update: it gives overall figures to help corporate users prepare for the workload of installing the fixes, but doesn’t give specifics which might tip off those who seek to exploit the problems before they are patched.
What is known is that three of the updates are ranked as critical, all of which affect Windows, and all involve remote code execution. That’s where a hacker is able to gain some degree of control over an infected computer, which explains the priority.
The remaining three updates, ranked as important, involve two remote code execution issues with Microsoft Office (specifically Excel and the Excel viewer) and one denial of service issue with Windows. In what will likely be welcome news to Microsoft, Windows 7 doesn’t appear to require any of the updates itself (though users may still need the Office patches.)
Interestingly three of the patches are said to be either updates or re-releases of patches issued last month. Andrew Clarke of Lumenson told The Register that these cover Live Communications Server 2005, Office Communications Server 2007 and Office Access Runtime 2003.
That’s not the only re-dos this month though. On Monday Microsoft issued a revision to a fix for Internet Explorer from last month’s batch. Some users who had installed the original patch had problems viewing Web pages. For those who install updates manually, the fix is listed as update 976749.
The November collection also includes a wider-than-usual collection of software updates (as opposed to bug fixes), though they are mainly of use to IT professionals rather than consumers.
Related Posts:
