Microsoft Breaks Annual Record With ‘Modest’ Patch Tuesday

The Patch Tuesday update for October is the first update this year from Microsoft that does not feature a patch for a zero day exploit, although 19 vulnerabilities have been tackled.

And the relatively light load of patches this month will no doubt please systems administrators, but 2015 has so far seen a record number of patches as the threat landscape worsens.

“Its official, a record has been set for the most bulletins released by Microsoft in a single year,” said Tyler Reguly, manager of security research at Tripwire. “In 2013, we saw 106 bulletins released, this month we hit 111 for 2015 and we still have two Patch Tuesdays left.”

Patch Tuesday

securityHalf of the vulnerabilities are critical, and according to Tripwire, all of the Critical bulletins (MS15-106, MS15-108, MS15-109) are remote code execution issues affecting Internet Explorer, the Edge browser, VBScript & JScript Engines, Windows Shell, Office, Office Services and apps, as well as Microsoft Server Software.

“Network administrators should be relieved this month to learn that none of the vulnerabilities being patched are remotely exploitable,” said Craig Young, security researcher at Tripwire. “This is a pretty standard mix of web and file format vulnerabilities requiring some degree of user interaction or user error. But with users being the biggest risk to a corporate network, these patches should be deployed without undue delay.

“This month’s updates are pretty ho-hum, we’ve got a list of entirely typical updates. Given that this month is so light, it’ll be interesting to see what November has in store for us,” added Reguly. “That said, sys admins shouldn’t take the light month to mean they can sit back and take a break. We still have a number of vulnerabilities that should be patched, so updates should be applied following regular schedules.”

Light, But Important

Qualys CTO Wolfgang Kandek also backed up the point about the necessity for system admins to be diligent in their patching.

“October’s patch bulletin maybe a light edition but pretty much everyone is affected this month as most versions of Internet Explorer, Windows and Office are at risk – and many of the vulnerabilities identified could lead to Remote Code Execution,” said Kandek.

Kandek said thathighest priority patch is for Internet Explorer (MS15-106), which brings 15 fixes, nine are critical and could lead to RCE. The second most important fix is MS15-110, which addresses six issues in Office (mostly Excel) with five resulting in RCE

Other important patches are MS15-109, which tackles a vulnerability in Windows shell, and MS15-107 and MS15-108, which are related to the Internet Explorer bulletin.

What do you know about Windows 10? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

NASA, Boeing To Begin Starliner Testing After ‘Anomalies’

American space agency prepares for testing of Boeing's Starliner, to ensure it has two space…

2 days ago

Meta Launches Friends Tab, As Zuck Touts ‘OG Facebook’

Zuckerberg seeks to revive Facebook's original spirit, as Meta launches Facebook Friends tab, so users…

2 days ago

WhatsApp Appeal Against EU Fine Backed By Court Advisor

Notable development for Meta, after appeal against 2021 WhatsApp privacy fine is backed by advisor…

3 days ago

Intel Board Shake-Up As Three Members Confirm Retirement

First sign of shake-up under new CEO Lip-Bu Tan? Three Intel board members confirm they…

3 days ago

Trump’s SEC Pick Pledges ‘Coherent’ Crypto Rules

Trump's nominee for SEC Chairman, Paul Atkins, has pledged a “rational, coherent, and principled approach”…

3 days ago