October 14, 2009

Patch nightmare ahead of Windows 7 due date

Admins face record numbers of security fixes

By CBR Staff Writer

Security vendors have started to react to yesterday’s barrage of security fixes released by Microsoft, saying the sheer volume of bulletins and subsequent patches is sure to give administrators problems, coming as they do just one week before Microsoft is expected to officially release Windows 7.

Microsoft today released 13 security bulletins that cover a total of 34 vulnerabilities, the most vulnerabilities ever addressed on a single patch day. The previous record was set in June when Microsoft addressed 31 vulnerabilities in ten bulletins.

Jason Miller, security manager at Shavlik Technologies, explained that of the 13 security bulletins released, eight have a severity rating of critical and the remaining five a severity rating of important. “For the first time, Windows 7 and Windows 2008 R2 are affected by security bulletins,” he added.

The view is that having to fix security vulnerabilities in the yet-to-be-released operating system indicates that version 7 will bring little change when it comes to the security of Windows.

“Microsoft is setting new records on security fixes in 2009,” said Dave Marcus, McAfee Labs director of security research. “Once again patching will be especially challenging for enterprises, which will need a solid risk management strategy to test and prioritise the fixes to fend off potential attacks.”

Among the patches, Microsoft has moved to address problems with its Internet Explorer browser. The fix should help protect users who visit a specially crafted web page that can lead to remote code execution.

Two other bulletins fix problems affecting media playing on target systems, Shavlik said.

Previously, if a user opened a malicious streaming media file (ASF), an attacker could gain complete control of the system through remote code execution.

One fix is for Windows Media Player, and addresses one software vulnerability encountered by a user navigating to a directory containing a malicious file through Explorer. Before the fix, simply browsing to the folder, without opening the file, could have triggered the exploit.

Windows 7 is due October 22.
