Next Tuesday will be Microsoft's Patch Tuesday for the month of October. IT admins, consider this your advance notice to clear your calendar for next week and prepare to address a record-setting 16 security bulletins.
Issuing 16 security bulletins in one month is a new record--besting the record of 14 security bulletins issued just two months ago in August. Addressing 49 different identified vulnerabilities in one Patch Tuesday also breaks new territory.
The advance notification from Microsoft serves as a general heads up, but details regarding the patches are scarce. What we know is that a total of 16 security bulletins are planned, and that the breakdown of criticality is that four are projected to be Critical, ten Important, and two Moderate.
Another point worth mentioning is that all four of the Critical security bulletins apply to Windows 7 as well--although one of those four is the ubiquitous Internet Explorer cumulative update. Four Critical security bulletins for Windows 7 is unusual, though, as the security controls inherent in Windows 7 usually reduce or minimize the impact of vulnerabilities on the OS and demonstrate its superior security model over legacy platforms like Windows XP.
This record Patch Tuesday follows in the wake of an out-of-band update released during September to address a vulnerability with ASP.NET which could allow an attacker to gain access to privileged or sensitive information. Were it not for MS10-070, we might be looking at 17 security bulletins next week.
nCircle's Storms also notes, though, that, "The outstanding DLL load hijacking vulnerabilities are not specifically spelled out as being fixed this month. We'll have to wait and see how Microsoft chooses to address this issue."