This month’s regularly scheduled Patch Tuesday has arrived and in terms of the number of total bulletins, it’s a fairly light one. Four separate bulletins are part of this month’s cycle, two covering Windows and another two covering Microsoft Office.
One of the two Windows security bulletins covers the Help Center zero-day vulnerability that was made public and exploited in June. The other bulletin covers a vulnerability in the 64-bit versions of Windows 7 and Server 2008 R2 that also allows random code execution. (The 32-bit version of Windows 7 is not vulnerable while Server 2008 R2 does not support 32-bit processors.)
For Office, one bulletin covers all versions of Outlook from Outlook 2002 (a part of Office XP) to Outlook 2007. This is the only bulletin that did not receive a “critical” classification from Microsoft this month. The other Office bulletin discusses a vulnerability in Access 2003 and Access 2007.
Home and small and medium-sized business users will find these updates available for download via Windows Update. Enterprise users who choose to defer installing these patches until thorough in-house testing can protect themselves using OfficeScan with the Intrusion Defense Firewall (IDF) plug-in and Deep Security.
One more note for this Patch Tuesday: This will be the last month that Windows 2000 and XP SP2 systems will receive patches from Microsoft. Windows 2000 users have no choice but to upgrade to a new OS. Users of Windows XP SP2 can choose to upgrade to Service Pack 3, which will continue to receive security updates until April 2014.