Qualys Blog

www.qualys.com
wkandek

September 2014 Patch Tuesday Preview

We are getting a small Patch Tuesday this month, a real breather for IT administrators. Microsoft will release only four bulletins next Tuesday and only one of them is rated critical. Bulletin #1 is for Internet Explorer and affects all currently supported versions 6 to 11. It allows allows for remote code execution (RCE) through a malicious webpage and should be the highest priority for you whether you are enterprise or consumer.

The remaining bulletins #2 to #4 fix vulnerabilities that are rated as "important", which address Denial of Service (DoS) problems in .NET and Lync server and a local escalation of privilege (EoP) in Windows. These bulletins are not urgent and can be covered within your normal patching process.

We do not have information from Adobe yet to see if they have any patches, but they have been publishing an update for Adobe Flash every month of 2014, so it is safe to assume that we will get an update here as well. Oracle’s next update is scheduled for next month in their CPU October 2015.

Leave a Reply