Microsoft is out with its September Patch Tuesday update, providing only two security advisories. The small number has some folks worried Microsoft may have missed some bugs.
The low patch count is not unprecedented. According to Jason Miller, manager of Research and Development at VMware, the last time Microsoft released only two Patch Tuesday security bulletins was the May 2011 release.
That said, Andrew Storms, director of security operations for nCircle, is concerned the number is too low.
“Historically, every patch Tuesday so far this year has averaged eight security bulletins and each bulletin typically covers multiple bugs,” Storms told eSecurity Planet. “While we don’t know exactly how many bugs are in the backlog, it’s safe to assume there are plenty still waiting to be fixed.”
While Storms said there aren’t any significant bugs requiring immediate patches at the moment, he mused that the situation could change at any time.
Others believe the low bug count could be a reflection of the success of Microsoft’s multi-year trustworthy computing efforts. “Is this September’s light Patch Tuesday a reflection of the maturity of Microsoft’s secure coding initiatives?” said Paul Henry, security and forensic analyst at Lumension. “One can only hope…”