IT administrators are looking at a Halloween headache as Microsoft prepares to flood enterprises with a record-breaking 16 security updates on Tuesday. That beats the company’s previous record of 14 security updates just two months ago.
The updates will patch 49 vulnerabilities in Windows, Internet Explorer, Office and SharePoint. Four of the 16 updates carry critical status, while 10 are ranked important. The others are labeled moderate.
October is historically a busy month for IT admins as they work to prepare systems for the end of the year, especially retail or service operations that experience a holiday rush. Microsoft’s advance notice aims to help administrators prepare for what’s coming, although details are slim.
All Tricks, No Treat
The mammoth update comes on the heels of an out-of-band patch in September. That patch addressed a vulnerability in ASP.NET that could allow an attacker to gain access to sensitive information. If Microsoft had not issued the out-of-band patch early, Patch Tuesday could have seen 17 updates.
Indeed, it’s all trick no treat for network administrators this Halloween, said Paul Henry, security and forensic analyst at Lumension. He recommends a proactive approach to patching, combined with a white-listing solution.
“One of the largest patch loads we’ve seen this year is coming on the heels of recommendations from Microsoft around out-of-band patches, as well as Adobe’s huge announcement earlier this week encouraging users to quarantine 25 vulnerabilities in Reader and Acrobat,” Henry said.
“While administrators will have their hands full this week since Microsoft came out with an announcement recommending quarantining machines, it is also important to remember that it is always better to prevent infection than to have to clean it up afterward,” he added.
Oracle Adds To Patch Drama
Microsoft isn’t the only company preparing to release a major security update. Oracle outlined its October patches this week that will…