Microsoft plans to fix at least three Windows vulnerabilities it rates as “critical” when it releases its regular Patch Tuesday bug-fix drop next week, the company said.
This time, none of the security holes affect Microsoft (NASDAQ: MSFT) Windows 7 as they did last month, although one of them does impact Windows Server 2008, which shares a majority of its code with the new desktop operating system. Windows 7 had its official consumer launch on Oct. 22.
Also on the list for next week will be two patches for Microsoft Office, but the bugs those patches address are only rated as “important” — the next-highest severity rating on Microsoft’s four-tiered scale.
Of note, two of the patches also affect Office for Mac, including 2008. The three Office patches also impact Windows versions of Office ranging from Office XP to Office 2007.
All-in-all, though, November’s patch event will be fairly tame — coming nowhere close to October, during which Microsoft delivered its largest patch drop to date. The October Patch Tuesday release included a total of 13 patches, eight of them critical, that fixed a total of 34 flaws, including two that impacted Windows 7.
Microsoft’s advance notices are meant to warn IT administrators about the types of patches they will need to prioritize and install following the next week’s Patch Tuesday update.
Since Microsoft doesn’t want to tip off hackers to what it will patch, however, company officials are deliberately vague in the advance notices. Therefore, notices only mention upcoming patches as numbered security bulletins, and provide little other data for security pundits to examine and provide input on in advance of the actual patch releases.
This month, the most important one is so far only known as Bulletin 3, Sheldon Malm, senior director of security strategy at Rapid7, said in a statement.
“For this month’s Patch Tuesday, we believe Bulletin 3 will have the biggest impact on corporations as it impacts multiple platforms and is rated critical for Windows 2000, XP and Server 2003; and important for Vista and Server 2008,” he said.
The critical Windows patches impact Windows 2000 Service Pack 4 (SP4) up through Windows Vista SP2 and Windows Server 2008 SP2, including XP.
All three of the critical patches, and one of the important patches, requires a system restart, while the remaining two “may” require a restart, according to the advance notice.
Microsoft’s advance notice for the Nov. 10 Patch Tuesday is here.