Microsoft has a relatively light Patch Tuesday planned for next week with no critical patches.
According to the company’s pre-patch advisory, Microsoft plans to release five security updates rated ‘Important.’ The bulletins cover issues in Windows, Microsoft Office and Microsoft Server Software such as SharePoint Server and Office Groove Data Bridge Server.
Of the five bulletins, three address issues that could be exploited to remotely execute code. The other two can be used to escalate privileges.
“It’s easy for organizations to gain a false sense of security during a light patch month and sometimes an attitude of complacency towards non-critical vulnerabilities is evident, but while there are no “critical” bulletins this month, organizations should not downplay the vulnerabilities being addressed,” opined Marcus Carey, security researcher from Rapid7. “I know of organizations that have 30 day patch requirements for “critical” – which is too long in my opinion – and up to three months to patch “important” and below.”
Vulnerability Resource: Vulnerability Management Buyer’s Checklist: Key Questions to Ask
But it’s not just Microsoft that has patches planned. Adobe has some fixes of its own on the way. The company did not say much about what issues would be addressed, but that the updates would be for Adobe Reader and Acrobat versions X (10.1) and earlier for Windows and Macintosh.
Both sets of patches are slated to be available Tuesday, Sept. 13.
Related Resource: The Top 10 Reports for Managing Vulnerabilities