Be Ready for Patch Tuesday This Week

Paul Mah

Microsoft will be releasing its largest ever number of security updates on Patch Tuesday this week. To get an idea just how significant it is, consider that the scheduled 13 bulletins will rival previous highs of 12 security bulletins in February 2007 and October 2008. In addition, eight of the bulletins are rated as "critical," the highest severity ranking according by Microsoft.


I've categorized some of the reasons why tomorrow's Patch Tuesday is important to SMBs below.


SMB and IIS vulnerabilities fixed


The SMB here means Microsoft Service Message Block, which is a protocol created by Microsoft for network and print sharing. Even though there are ways of mitigating the SMB and IIS vulnerabilities, it is undeniable that both issues are serious and should be fixed as soon as possible.


Security Analysts usually use a process of elimination on preliminary data to guess at the contents of upcoming patches. It was not necessary in this case though, as Microsoft took the rather unusual step of directly identifying the SMB flaw and IIS FTP issues that it says has been fixed, and which only serve to underscore the critical nature of these two vulnerabilities.


Number of applications affected


Beyond the SMB and IIS vulnerabilities mentioned above, a large number of other Microsoft applications will also be affected by the updates. These range from the Windows operating system, Internet Explorer and Microsoft Office. In addition, Silverlight, Forefront and Developer Tools will also be updated, while vulnerabilities found in SQL Server could have serious repercussions if exploited.


Windows 7 affected


Even though the Windows 7 operating system will be officially released next week, it is nevertheless affected by the updates due to be released on Tuesday. I highly doubt there was adequate time to slipstream these patches into existing RTM copies of Windows 7. What this means to early adopters is that they will need to make sure that workstations purchased on or after Oct. 22 will need to be patched right out of the box.


Reboot required


One aspect that is less talked about on the various news sites is the question of whether a computer restart will be required after installing the updates. To pre-empt that, Microsoft Security Program Manager Jerry Bryant confirmed in a blog entry that "Most of these updates require a restart so please factor that into your deployment planning."


While enterprises might have more than adequate servers in order to perform a rolling update, a smaller-sized SMB might find that most of its services are cloistered in far fewer physical machines. Senior executives trying to check the server before rushing off for an important meeting will probably not take kindly to the 20-30 minutes -- or even more -- of downtime as servers power off and start again. As it is, IT managers and administrators need to take heed and plan accordingly for scheduled downtime.

Add Comment      Leave a comment on this blog post
Oct 13, 2009 1:20 AM Paul Mah Paul Mah  says: in response to Santanu Lahiri

I'm sorry to hear about your experience. Was it the first time a patch caused productivity problems? Hope to hear how today's Patch Tuesday go for your SMB.

Oct 13, 2009 5:12 AM Andy Miller Andy Miller  says: in response to Paul Mah

We have not had any issues from the Patches YET!!!  However, we had several SMTP attacks with several clients.

Oct 13, 2009 11:20 AM Santanu Lahiri Santanu Lahiri  says:

Forget Patch Tuesday, We got hit by a patch yesterday that reset the IP on our primary domain server from fixed to DHCP, without warning us.  We are a small business, can not afford a full-time SysAdmin, our PT admin clicked on Apply in a mement of weakness, and voila!  TCP/IP config was switched over to DHCP without even asking us.

Anybody else having problems with this also make sure you do not have spurious entries left behind in the DHCP after the dust settles.  We found that the hard way...


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.