Next Tuesday Microsoft will unleash 14 new security bulletins, addressing a record-tying 34 vulnerabilities. In the wake of the out-of-band patch issued for the Windows shortcut security flaw, and with an upcoming out-of-band patch from Adobe as well--IT admins need to a plan of action for implementing the deluge of updates.
Issuing 14 security bulletins in one month is a new one, but the record of patching 34 different flaws is not so uncommon any more. This is the third or fourth time that has occurred in just the past year. Microsoft has experienced a feast or famine flow of updates with virtually no security bulletins one month, followed by a massive batch of security bulletins the next. Microsoft has also had an unusual number of out-of-band patches this year to address attacks against zero-day vulnerabilities.
Wolfgang Kandek, CTO of Qualys, provides a brief analysis of the upcoming Microsoft patches on his blog. "Including the LNK update, 9 bulletins have a rating of critical and affect all version of the Windows OS, Internet Explorer, Silverlight and Microsoft Office."
However, Kandek goes on to clarify that "Windows 7 and 2008 R2 have a smaller number of critical vulnerabilities than Windows XP and 2003 in function of their improved security architecture, but are still affected by 2 critical vulnerabilities each."
Month after month of Microsoft security bulletins continue to illustrate one very crucial fact--Windows 7 (and Windows Vista) are far superior to Windows XP when it comes to security and stability. Windows 7 just passed Windows Vista in market share, but the two combined still only have half the audience of the archaic--and insecure--Windows XP.
For the organizations out there that are still using Windows XP--hopefully they have at least updated it to SP3. As of last month, Microsoft is no longer providing updates or support for Windows XP SP2 or Windows 2000.
Qualys' Kandek stresses "Windows XP SP2 users do not have any patches supplied to them, even though the 5 critical vulnerabilities for XP SP3 most likely apply to their discontinued version of the OS as well. Windows XP SP2 users should upgrade to SP3 as quickly as possible."
No OS is perfect--and Windows 7 is no exception--but Windows 7 has significantly fewer critical vulnerabilities. With a more secure OS, IT admins have less to be concerned with, and less cause for urgency to assess and implement the patches once they are released.
Regardless of what version of Windows your company employs--IT admins consider yourselves warned. It's going to be a busy week next week.