Huge Patch Tuesday Update Tackles Critical Bugs

Microsoft has released a massive Patch Tuesday security update that includes fixes for critical vulnerabilities, including one that is 19 years old.

The patch Tuesday update includes 16 security bulletins, a number of which are rated critical. The most important update is MS14-064, which addresses a very old flaw that affects all supported versions of the Windows operating system, including Windows XP.

Zero-Day Flaws

The mammoth Patch Tuesday update has led to many experts to warn Windows users should download and install the update as soon as possible. This is because five of the sixteen security bulletins address Remote Code Execution (RCE), a type of vulnerability that allows attackers to take control of a machine.

A number of bulletins are rated critical and affect either Windows or Internet Explorer flaws. Other bulletins are rated as important and address Windows, the .NET runtime framework, Word and the SharePoint and Exchange servers.

“We are looking at a substantial Patch Tuesday from Microsoft for November,” blogged Wolfgang Kandek, CTO, Qualys. “Microsoft will publish 16 bulletins, with five of them allowing Remote Code Execution (RCE)- the type of vulnerability that attackers are particularly fond of. Overall the additional 16 bulletins will bring Microsoft’s count up to 79, meaning that we will finish the year under 100 vulnerabilities, which is a bit lower that in 2013 and 2011 and probably on par with 2012.”

“Overall it will be a busy month for IT admins, plus we do not know where security advisory 3010060 from October 21 will be addressed,” wrote Kandek. “That advisory covered a vulnerability in the OLE packager that is in use in the wild, but I am not sure we will see a patch for it this month.”

Critical updates

“Patch Tuesday is coming in hot this month with 15 advisories, of which 4 are listed as critical,” said Ross Barrett, senior manager of security engineering at Rapid7. “The top patching priority is definitely going to be MS14-064, which is under active exploitation in the wild and may be related, at least superficially, to last month’s Sandworm attack, which also worked through a vulnerability in OLE.”

“After MS14-064, attention belongs on MS14-065 and MS14-066, Internet Explorer and SChannel respectively,” he added.

Last month, researchers revealed that Russian hackers had been using Sandworm to attack organisations including NATO, Ukrainian and European governments in a campaign going back at least to 2009.

Last month, Microsoft pulled one of the updates from its October Patch Tuesday release and recommended anyone who downloaded the fix should uninstall it.

Some users complained of “issues” after the update added support for the SHA-2 signing and verification functionality to Windows 7 and Windows Server 2008 R2 machines with the intent of improving security over the more vulnerable SHA-1 hashing algorithm.

Are you a security expert? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

7 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

7 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

8 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

8 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

9 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

9 hours ago