On Thursday, Microsoft announced four security bulletins for next week. The announcement is intended as a heads-up for IT departments before Patch Tuesday.
Four fixes are considered critical, six important, and one is moderate as ranked by the software giant.
Starting this month, Microsoft is sharing the technical details of new vulnerabilities to give software developers a catch to update affected products before the public announcement. And on Tuesday, Microsoft is expected to provide with each bulletin an "exploitability index" to help system administrators prioritise the patches.
Among the critical patches one each affects Windows, Internet Explorer, Microsoft Host Integration Server and Microsoft Excel. All four could enable remote code execution if exploited.
Of the important patches, all six affect Windows, and could enable remote code execution or elevation of privilege if exploited.
The lone moderate patch affects Windows Office and could enable information disclosure if exploited.
Talkback
This post has been removed by a moderator.
With four critical updates and six moderate patches, this is a pretty heavy Patch Tuesday in terms of volume. Given that the four critical bulletins deal with Windows and Excel 2000, Internet Explorer 6 and Microsoft Host Integration Server, organizations should not be lax when rolling out this month's patches. These vulnerabilities are also confirmed as remote code execution so they could, in theory, allow unfettered access to sensitive databases and therefore need to be treated very seriously.
The Windows Active Directory and Excel Bulletins are critical for organizations running Windows 2000 and Office 2000. Windows Active Directory and Excel 2000 are extremely common implementations and companies need to pay special attention as many users are still using their Active Directory and Office on Windows 2000. Next, the Office issues also impact MAC users that have Office for the Mac 2004 and 2008.
Organizations will also need to pay special attention to the Windows Internet Explorer V6 Bulletin because it is still widely deployed within organizations. The IE issue impacts multiple versions across multiple platforms which could spell trouble for IT administrators. It is not simple as patching IE for XP or Vista as it impacts 2000, XP, Vista as well as Microsoft Windows Server 2003 and 2008. Lastly, the Windows Host Integration Server is a gateway application between Microsoft networks to IBM mainframe and AS400 environments so anyone using HIS environments will need to prioritize this patch accordingly.