What to expect on Patch Tuesday for November...

It's that time of month again when you have to start preparing for the monthly patch update cycle for your Windows computers and servers. On 14th November Microsoft is planning to release six security bulletins that are rated critical, updated version of the Windows Malicious Software Removal Tool and two NON-Security updates that are high priority.

Of the critical security updates, one bulletin affects the Microsoft XML Core Services. I am quite certain that this is the same vulnerability that was first disclosed via the Microsoft Security Advisory 927892. There are five bulletins that will affect Microsoft Windows. I expect one of these bulletins will address the vulnerability in Visual Studio 2005 that was first disclosed via Microsoft Security Advisory 927709. I will be very disappointed if the bulletins do not address this flaw. The security advisory has already been revised to intimate users of limited availability of POC code that exploits this flaw and limited number of attacks.

Microsoft will also release an updated version of Microsoft Windows Malicious Software Removal Tool. The tool already under scrutiny from security vendors and from what I have seen and heard of the tool, it is not a effective tool.

I will update with another post on the bulletins along with my recommendations on what action to take on each of the bulletin on Tuesday once Microsoft releases the bulletins.