It’s another Patch Tuesday, usually referred to by Microsoft as ‘Update Tuesday’. Terminology aside, what it means is a big pile of updates that will be foisted upon most Windows users over the next few days.
Those of us sticking with Windows 8.1 can still review the available updates and install them at our leisure, which can be very satisfying when an update that we defer turns out to cause problems. But Microsoft seems to reserve its major screwups to Windows 10 updates these days (incuding this month’s printing crashes, and the fix for those crashes).
If you’re running Windows 10, you can defer updates for as long as a month… unless you’re running any of the Home versions, in which case the updates are as inevitable as taxes.
This month’s updates address several extremely serious security vulnerabilities in Exchange, Microsoft’s email server software, which ordinary folks are very unlikely to be running.
But the parade also includes updates for the usual offenders: Internet Explorer, Microsoft Edge (both the Chromium-based and original versions), Office (Excel, PowerPoint, SharePoint, Visio), Visual Studio, Visual Studio Code, and of course Windows. One hundred and thirty-one vulnerabilities* are addressed in all.
Microsoft’s Security Update Guide is currently the official source for this information. The SUG has undergone some improvements lately, and it’s gradually getting easier to navigate, which is a relief.
If you’re still running Windows 7, today’s festivities are largely meaningless, though Microsoft does occasionally toss a bone in your direction, in the form of a Windows 7 update normally reserved for those deep of pocket. Microsoft will presumably continue to do this when a flaw is serious enough that witholding the fix would create a public relations problem for the company.
The release notes for today’s updates provide additional details, though they are still sadly somewhat incomplete.
* The vulnerability count varies depending on who’s looking. According to the SANS Internet Storm Center, “This month we got patches for 122 vulnerabilities. Of these, 14 are critical, 5 are being exploited and 2 were previously disclosed.” Brian Krebs says “from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. Ten of these earned Microsoft’s “critical” rating”. Clearly Microsoft’s Security Update Guide still needs work.