Microsoft has released details of its next Patch Tuesday, which will fix three critical issues and four rated ‘important’, covering Internet Explorer, Office, Exchange, and Windows.
Bulletin 2 relates to a critical remote code execution vulnerability in all versions of Internet Explorer – the twelfth so far this year.
“We have seen a steady trend of a critical cumulative security update for IE each month for some time,” explained Shavlik product manager, Chris Goettl.
“It may just become a regular fixture as all of the major browsers are getting a lot of attention in the white hat hacking community. We can safely say that this is going to become a critical monthly occurrence.”
The remaining patches fix flaws in Office, Windows and Exchange, including one held back from last month’s scheduled update round alongside another which was issued later on in November.
“With all of the changes at Microsoft recently, this practice of holding a patch could become a pattern. It is likely that with less important patches, these will be released on a subsequent Patch Tuesday,” said Goettl.
“However, for more important patches that aren’t ready for Patch Tuesday, they will likely be released later on in the month as they become ready for release.”
Compared to some recent Patch Tuesdays, December’s load will be a fairly light one for admins, with none of the flaws addressed currently being exploited in the wild.
However, there’s still work to do, according to Trustwave threat intelligence manager, Karl Sigler.
“This doesn't mean that this update should be skipped or delayed,” he cautioned.
“All of these updates can be applied by ensuring that Automatic Updates is turned on so that these will be downloaded as soon as they become available. Once these updates are installed, a restart is required for these security updates to be applied.”