Patch Tuesday heads-up: 9 bulletins, 13 Windows vulnerabilities

[Borg 386]

Microsoft’s September batch of security patches will include fixes for 13 documented vulnerabilities affecting Windows, Internet Information Services (IIS), and Microsoft Office. According to the company’s advance notification for this month’s Patch Tuesday, there will be a total of 9 bulletins (four rated critical) addressing flaws in all versions of Windows, including Windows 7 and Windows Server 2008.

The Microsoft Office bulletins will cover security holes in Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2007. It is likely these will include fixes for the DLL load hijacking attack vector that affects hundreds of Windows applications.

Seven of the nine bulletins address flaws that could lead to “remote code execution” attacks so it’s important for affected Windows users to pay close attention to this patch batch.

Read More:

Patch Tuesday heads-up: 9 bulletins, 13 Windows vulnerabilities | ZDNet

 

[richc46]

Allow me to give my little sermon now, rather than wait for the Thursday after patch Tuesday.

Set your automatic update to notify and not install. Now don't argue this point, because I am speaking from the experience that I have acquired from helping others. If you receive a large number of updates they will be all installed at the same time. If more than several require a restart, a conflct will develop. Then on Thursday, the posters come and tell me that "The update is jammed and my computer will not boot", etc.
Dont be one of them. Set the update to notify.
http://www.sevenforums.com/tutorials/2797-windows-update-settings-change.html

 

[marsmimar]

Thanks for the info. Interesting that the article says, " It is likely these will include fixes for the DLL load hijacking attack vector that affects hundreds of Windows applications." Guess MS wants to keep everyone in the dark. Also agree with Rich about not using automatic updates. I've always had my updates set to "Never check for updates (not recommended)" because I got into the habit a long time ago to manually check for updates a couple of times a week. Takes a few extra minutes but it keeps things from getting installed that I don't want or need. Or even worse, restarting my computer if it's in the middle of doing something.

 

[CarlTR6]

Thanks for the heads up. I will have to make sure my wife's XP machine gets updated.

Edited to add: Rich is spot on. +1

 

[Borg 386]

Set your automatic update to notify and not install. Now don't argue this point, because I am speaking from the experience that I have acquired from helping others.

That's good advice. I always set mine to Notify & not install for 2 reasons.

The first being as richc46 mentions.

The second being that sometimes, the patches can/will cause problems and be buggy. I like to wait a day or 2 and see if anyone has posted about any problems caused by installing them. There is the System Restore option, but nonetheless, I prefer to wait and see. And system restore doesn't always fix everything.

 

[richc46]

Another very good reason, Borg, thanks for sharing.