According to a recent Microsoft report, the company plans to release a total of five security updates next week to fix 15 vulnerabilities located in Windows, Excel, SharePoint Server and Groove. The five updates will be considered “important”, which is the second highest ranking in Microsoft’s four-step security system.
Microsoft usually sends a smaller number of updates in months labeled as “odd months” and stick to this plan. The September volume is down from August when Microsoft fixed 22 issues with 13 individual security bulletins or updates. According to nCircle Security Director of Security Operations Andrew Storms, “Not much there, but we didn’t expect much from it. It’s the month of light, the month of depression.”
Microsoft has presented all the details on the upcoming patches in a notice next week, which is Tuesday. Two of the updates affect Windows and one of them only affects Server 2003, 2008 and 2008 R2. The second patch fixes some additional bugs found in all supported versions of the operating system that include XP and Windows 7.
“There are a number of server-only components that have been present throughout the Windows Server lifecycle,” added Storms about the server-only update. “SMEs are an example of this. And they’ve been patching SMB a lot in the last few months.”
SMB, or server message block, is a file and network sharing protocol developed by Microsoft that has already been patched several times this year, including an update that took place in April and closed a critical gap that some analysts believe criminals could use to build a dangerous worm.
Two more updates to be released next week will fix localized problems in Excel 2010 and Excel 2011 for Mac and in Office software in total. The fifth patch will fix a plethora of server-side software, including SharePoint, Groove and Office Web Apps, which is the cloud version of the Microsoft suite.