Microsoft Patch Tuesday for October 2009 Includes Windows 7 Security Patches

microsoft_windowsMicrosoft last Thursday has announced at The Microsoft Security Response Center (MSRC), it’s going to release 13 security patches on “Patch Tuesday” (October 13th, 2009), via Windows Update. These security patches will patch 34 new vulnerabilities that affects: Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server.

Microsoft releases important security patches on the second Tuesday of each month and this is popularly known as “Patch Tuesday”. The security bulletins include five Windows 7 security fixes, one of which is considered “Critical” and the others as “Important”. The critical update resolves a security hole in Internet Explorer 8.

Jerry Bryant, Microsoft’s security program manager, has stressed the importance of these updates and has stated:

Usually we do not go into this level of detail in the advance notification but we felt that it is important guidance so customers can plan accordingly and deploy these updates as soon as possible.

These will be the first security patches that Windows 7 will receive after it is released to manufacturing (RTM). The Windows 7 code was signed off on July 22nd, 2009, and the general availability date is October 22nd. In this context, Microsoft is offering the first Windows 7 RTM patches even before the operating system is available to the public. MSDN and TechNet subscribers, that are already running Windows 7 RTM as their main OS will welcome the patch release. Windows XP and Vista seems to have more security problems. Windows XP will receive nine updates (six of them are critical) and Vista will get eight (five are critical).

The exact breakdown of the bulletins is as follows:

  • Bulletin 1: Critical (Remote Code Execution), Windows
  • Bulletin 2: Critical (Remote Code Execution), Windows
  • Bulletin 3: Critical (Remote Code Execution), Windows
  • Bulletin 4: Critical (Remote Code Execution), Windows
  • Bulletin 5: Critical (Remote Code Execution), Windows, Internet Explorer
  • Bulletin 6: Critical (Remote Code Execution), Windows
  • Bulletin 7: Important (Spoofing), Windows
  • Bulletin 9: Important (Elevation of Privilege), Windows
  • Bulletin 10: Important (Denial of Service), Windows
  • Bulletin 11: Critical (Remote Code Execution), Office
  • Bulletin 12: Critical (Remote Code Execution), Windows, Silverlight
  • Bulletin 13: Critical (Remote Code Execution), Windows, Office, SQL Server, Developer Tools, Forefront

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

  • One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
  • One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
  • An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

In addition, Microsoft will be hosting a live webcast the following day (on October 14th).

[ Via: The Microsoft Security Response Center (MSRC) and Ars Technica ]

You may also like...