October 2009’s Record-Breaking Patch Tuesday
Patch Tuesday is the second Tuesday of each month, when Microsoft releases updates or fixes to its software. The name Patch Tuesday has been recorded in use since the last quarter of 2004. Updates are lumped together and released once a month, rather than right after they are packaged, so that system administrators can mark a day in the month to prepare all computers for the patch. This work involves backing up files, disabling network connections and the other steps required to make sure that computers will not malfunction after the fixes are installed. This may seem pretty trivial to most of us who own one or two computers, but remember, there are companies with hundreds, if not thousands, of computers, and updating each one of them is really major work.
This month’s Patch Tuesday (October 13, 2009) will be a record-breaking event, with 13 update bulletins, eight of them marked as critical. The last times Microsoft released as many patches were in February 2007 and October 2008, but both days had one less critical update. This month’s eight critical updates include a patch for Windows 7; the fix targets a major vulnerability in Internet Explorer 8. Aside from the single critical patch, Windows 7 will also receive four other updates marked as important. Many remarks have been made about the numerology of October’s Patch Tuesday, because it falls on the 13th day of the month and 13 updates are involved. Most Windows users do not care about the significance of these numbers as long as Microsoft keeps rolling out those fixes to make their computers more secure.
Microsoft ranks its updates by the severity of the vulnerability they fix:
Critical – this update fixes critical vulnerabilities that allow malware to run freely on your computer without your knowledge. A critical vulnerability is a gaping hole in your computer’s security through which malware can enter freely, and it does not require any user action to trigger an infection. This type of vulnerability allows malware to propagate rapidly over the internet.
Important – important updates fix those vulnerabilities that compromise important and confidential information on a computer.
Moderate – this is a fix for moderate vulnerabilities that affect a computer. Vulnerabilities become moderate in effect when they are hampered by existing computer configurations (antivirus software, firewalls) and computer/software audits.
Low – this type of fix targets those vulnerabilities with minimal impact.
It is significant to note that 60 percent of this month’s updates are critical and 40 percent are important. Systems administrators will have an unusually busy week ahead as they update hundreds of computers and then make sure that important business software still works as expected.
The most important fixes are those that target SQL Server, Visual Studio and Internet Explorer. The fix for SQL Server prevents remote code execution, and it will affect web sites that use the database as a backend. The fix may require a restart of the server, so affected websites may be unavailable for a moment. The fix for Visual Studio may be an improved version of an earlier update of ATL, which is generic computer functionality used by a lot of software, such as Internet Explorer and many Adobe applications. Internet Explorer is updated every month, but this October’s patch is unique because of its critical status.
Patch Tuesday for October 2009 officially begins at one o’clock in the afternoon, Eastern Time.