Quantcast
Channel: Security - News
Viewing all articles
Browse latest Browse all 27

Microsoft Patch Tuesday for October 2014

0
0
This month, Microsoft will be publishing nine updates across multiple products, including: Windows itself, Internet Explorer, Office, and the Microsoft Developer Tools (Visual Studio). Five of the nine patches are listed as fixing Remote Code Execution (RCE) holes, typically the sort of bug that Oracle described above as "remotely exploitable without authentication," and that Adobe warned could "potentially allow an attacker to take over the affected system."

Interestingly, only three of the five RCE bugs are rated critical by Microsoft, even though you might assume that any RCE ought to be considered critical almost as a matter of definition.

We shan't know why until the patches have actually been published and the details officially revealed, but a reasonable guess is that the non-critical RCEs can only be triggered by users who have already logged in. That would mean that these holes wouldn't count as "remotely exploitable without authentication," thus reducing their risk significantly.

Server Core affected

Most notable in this month's set of Microsoft updates is that even your Server Core Installations will be getting critical patches. Server Core versions of Windows are stripped down to a lean set of essential system software, sufficient to run vital services such as DHCP and DNS, but not enough to support software such as Internet Explorer (or, indeed, any other browser), Office, Reader or Flash.

That greatly reduces the attack surface area, and with less to go wrong, Server Core systems typically require fewer patches, especially critical patches. However, all Server Core flavours will get at least one critical fix this month, and will require a reboot. Don't forget to schedule those outages for the DHCP and DNS servers on your network!

View: Microsoft Security Bulletin

Viewing all articles
Browse latest Browse all 27

Latest Images

Trending Articles



Latest Images