Microsoft yesterday released 12 new security patches for its Windows operating system and other programs as part of its monthly Patch Tuesday event. Yesterday’s batch marks one of the largest bundles of patches since Microsoft rolled out its monthly schedule.
Eight bulletins affecting Windows are included in the fixes. The maximum severity rating for three of these security updates is critical and some will require a restart. Individual bulletins addressed Internet Explorer, HTML Help, the Microsoft Agent, the Web Client service, Server Message Block and Telnet.
StillSecure CTO Mitchell Ashley said that unlike last month’s Patch Tuesday, which centered on one critical flaw, June’s updates have a much broader impact. The critical vulnerabilities in Internet Explorer, he said, mandate that systems administrators update end users’ desktops.
“The takeaway for organizations is that they are most likely going to want to deploy the patches to the desktop first because of the Internet Explorer vulnerabilities and the potential for worms to exploit that,” Ashley said. “Anybody using Internet Explorer is interacting with a wide variety of Web sites and has a much greater risk of being compromised.”
Microsoft also issued a patch for its Internet Security and Acceleration Server and Small Business Server. The maximum severity rating for these security updates is moderate, and they may require a restart. Analysts said deploying this fix will require downtime that could impact a large number of users.
“Systems administrators are going to have to do an impact assessment on many more systems to determine not only where they need to deploy this but also the potential incompatibilities,” Ashley said. “For example, we don’t want to repeat the scenario where one patch might break things that were previously working. One of the fixes in this release is due to that problem.”
Of the three remaining bulletins, one affects Windows and Microsoft Services for Unix. Its maximum severity rating is moderate, and it may require a restart. One patch affects Microsoft Exchange; it is rated important and will not require a restart.
Microsoft is also updating its Windows Malicious Software Removal Tool, which detects and removes malicious code such as spyware. Analysts were not surprised by the large number of patches this June and saw nothing missing that was anticipated.
“The surprise was just the wide variety of patches and that we are also not only seeing patches to older operating systems, but also to newer updates, like SP2,” he said. “But Patch Tuesday makes deploying fixes more manageable because customers can plan time in their schedules to look at the information, do the impact assessment testing, and plan the rollout, whether that be immediate or with the next production chain cycle.”