Microsoft’s Patch Tuesday this month will be huge, with one critically significant group of patches to fix faults in all versions of Internet Explorer that could lead to remote code execution on victims’ machines.
Additionally, three other vital bulletins flag patches that address flaws in SharePoint, Windows XP, Outlook 2007, and Outlook 2010, all pertaining to an attacker gaining the ability to execute code on host computers.
The Internet Explorer bulletin is the most crucial to address, says Ken Pickering, director of engineering at CORE Security, because it affects the most widely-used application and needs a restart. He advises that users apply the fixes right away.
“Patches that require a restart have proven time and time again to create the greatest number of vulnerabilities as IT is either hesitant or too overwhelmed to bring the network down,” He added.
The SharePoint Server exposure is the top priority for server admins, says Wolfgang Kandek, CTO of Qualys, not only because it is ranked critical but because it has to be tested thoroughly to be sure that once patched it doesn’t interfere with business-critical activity.
According to Kandek’s count, this month’s patches bring the year’s sum to 80, only three less than the total for all of last year, and on a pace to exceed 2011, which logged 100.