The upcoming Patch Tuesday is set to become a big one for Microsoft, as the software giant is going to address as many as 34 vulnerabilities though 13 security updates.
Of the 13 security patches, eight are to be tagged as ‘critical’, with a majority of them would plug security holes in Windows and Internet Explorer (IE) that could let hackers remotely execute codes on victim’s computer and subsequently seize control over system resources.
Along with these, the patches would further address snags in SQL Server, MS Office, Microsoft Forefront, Microsoft Developer Tools, and Silverlight. Incidentally, a couple of the patches incorporated in the October update address flaws already made public with the exploit code available.
One of the critical patches would address a flaw in the Microsoft SMB version 2.0 implementation, impacting Windows XP, 2000, Server 2003 and 2008, as well as newer iterations of Windows, including Windows 7 and Windows Vista.
If exploited, the vulnerability could enable fraudsters to gain access to Windows Vista and Server 2008 and steal data from it. Microsoft has already issued a workaround to the vulnerability last month, directing users to cut support for SMB version 2 protocol, by providing a link to Microsoft’s “Fix It” package to disable the protocol.
We're already used to Microsoft patch Tuesday routine, something that has now become part and parcel of any Windows sysadmin monthly to do list. Now if only Microsoft could make these updates happen in the background, that would be smashing but very unlikely to happen.