Patch Tuesday Advanced Notification October 2014
Microsoft has announced 9 bulletins for October 2014, three of which are rated as Critical. Just a reminder that back in August Microsoft put a hard deadline on implementing the Update 1 (KB2919355) for Windows 8.1 and Server 2012 R2, making it so users need to install Update 1 in order to keep their systems updated.
The first bulletin is a Critical update for Internet Explorer. There is a strong likelihood it will resolve a number of vulnerabilities in the double digits. Since June we have seen a trend of double digit vulnerabilities regarding Memory Corruption issues in IE. Expect this to be a high priority to be rolled out ASAP.
The second and third bulletins are also Critical and affect the Windows Operating System and .Net Framework. Both could allow for remote code execution.
Bulletins four and six affect Microsoft Office. One is listed as Moderate and one as Important. Bulletin six also pertains to SharePoint and Office Web Apps. For Office these patches will likely fall into the test adequately and roll-out in a timely manner category. The SharePoint and Office Web Apps updates will require adequate testing before rolling out.
On top of what looks to be a large Patch Day from Microsoft we will also see Oracle's quarterly Critical Patch Update next week. Expect an update for Java that will include a large number of fixes and likely will have some urgency to roll-out.
Adobe is on a solid trend of releasing a Flash update on Patch Tuesday. So far in 2014 there have been Critical updates to Flash every month. All but one month have fallen on Patch Tuesday. Expect Flash and expect it to be a priority. If that releases we will see an IE Advisory to support the Plug-In update.
Also on the Adobe front, a number of issues have been reported on Acrobat Reader 11.0.9. There is a chance for an update to resolve those issues. If you have updated to 11.0.9 watch for this.
Google Chrome just had a rather large release so chances are either from a potential Flash update (to support the Flash Plug-In) or other issues that may occur we could likely see a Google Chrome update.
Microsoft Security Bulletins:
- 3 bulletins are rated as Critical.
- 1 bulletin is rated as Moderate
- 5 bulletins are rated as Important
Vulnerability Impact:
- 5 bulletins address vulnerabilities which could allow Remote Code Execution.
- 1 bulletin addresses vulnerabilities which could result in Security Feature Bypass.
- 3 bulletins address vulnerabilities which could allow Elevation of Privileges.
Affected Products:
- All supported Windows Operating Systems.
- All supported Internet Explorer versions.
- Microsoft .Net Framework
- Microsoft Office 2007 and 2010
- Microsoft SharePoint Server 2010
- Microsoft Office Web Apps 2010
- ASP.Net MVC
Join us as we review the Microsoft and third-party releases for October Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, October 15th at 11 a.m. CDT. We will also discuss other product and patch releases since the September Patch Tuesday.
You can register for the Patch Tuesday webinar here.