Update: Adobe will release a new version of its Reader and Acrobat products on Tuesday as well. The new versions will address critical issues on both Windows and Mac OS X.
Original: 2014’s first Patch Tuesday is coming up next week and it will be a full plate for IT administrators even though we are looking at only four bulletins from Microsoft. Oracle will simultaneously release its Critical Patch Update, and these quarterly releases typically address over 100 vulnerabilities in their large software line. For example, 127 were addressed in October of 2013. Analyzing the applicability of these flaws to one’s software infrastructure and addressing them are a major concern for any organization that uses Oracle products.
Update: Microsoft confirmed the fix for the TIFF 0-day and also that the local 0-day will not get an update next week. The best defense is to update your Adobe Reader installation.
Original: Today, Microsoft has pre-announced this year’s last Patch Tuesday lineup. We will have 11 security bulletins covering Internet Explorer, Windows operating systems and Microsoft Office software. This brings the overall count of security bulletins for 2013 to 106, up quite significantly from last year’s count of 83, but roughly in line with 2011 (100 bulletins) and 2010 (106 bulletins). Microsoft has also maintained the more continuous release of bulletins started in 2012 with an average of just under 9 bulletins per month rather than the more bursty bi-monthly nature of previous years. The steady, more predictable release cycle is helpful to IT administrators as it helps them prepare for the workload necessary for each Patch Tuesday.
Today for Patch Tuesday, Microsoft and Adobe are both coming out with critical fixes for a number of widely installed and attacked programs. Microsoft has 10 bulletins addressing a total of 33 vulnerabilities, and Adobe is releasing new versions of Adobe Reader, Adobe Flash and ColdFusion.
It is the week before May's Patch Tuesday, and Microsoft has published its Advance Notification, giving us insight into what to expect next Tuesday.
There will be 10 bulletins this month, covering all versions of Internet Explorer (IE), Microsoft Office and Windows. The fixes for IE include the patch for the current 0-day vulnerability. A total of five bulletins allow for remote code execution (RCE) and should be the focus points for your patching next week.