Microsoft is planning to release 14 security bulletins next week as part of its Patch Tuesday update, including four critical updates for Internet Explorer, Windows, Outlook and SharePoint.
In addition to the four critical updates are 10 other bulletins ‘Important’ that cover issues in Windows, Microsoft Office and the .NET Framework.
“First reaction to this month’s patch notification is the sheer number of bulletins,” said Ken Pickering, director of engineering, CORE Security. “While most of them are fairly standard, there is a long list of them with which administrators must content.”
Opinions were mixed about how the bulletins organizations should be prioritized, but multiple experts said bulletin 1 is likely the one that should be taken care of first.
“Bulletin #1 is for Sharepoint Server and should be the highest priority on the list for your server administrators, after diligent testing to assure that the patch does not impact any business critical functionality,” noted Qualys CTO Wolfgang Kandek.
The data on a server machine is typically more valuable than data on a workstation machine, and it is fairly easy to discover Sharepoint servers using Google, said Tommy Chin, technical support engineer at CORE Security.
“Attackers can leverage this easy-to-obtain list, and start hammering on Sharepoint servers around the world. Just because the patch potentially doesn’t require a restart doesn’t mean that this vulnerability should not be treated with highest severity,” Chin said.
Bulletin two should also be a high priority for enterprise desktop security teams because it addresses a flaw in Microsoft Office that can be triggered by simply previewing an e-mail in Outlook, even without explicitly opening the e-mail, blogged Kandek.
In addition to the Microsoft updates, Adobe Systems has plans for some updates of its own for Adobe Reader and Acrobat. The vulnerabilities, which have a priority rating of ‘2’, are considered critical and affect both Microsoft Windows and Mac OS X computers.
The updates for both Microsoft and Adobe will be released Sept. 10.