Microsoft Patch Tuesday for October

Microsoft plans to release total of 11 security bulletins during is monthly patch update cycle for October 2006. Six of those apply to Microsoft Windows and the maximum severity rating for some of them is "Critical". That means that attackers can possibly take over the computer affected by this vulnerability of execute code remotely.

Four of the patches apply to Microsoft Office and maximum severity rating for one or more of them is "Critical". Again it means that attackers can possibly take over the computer affected by this vulnerability of execute code remotely.

One of updates apply to Microsoft .NET framework with maximum severity rating for this update is moderate. It means that there exists a possibility of bug that this update will fix and there will be no possibility of remote code execution. Microsoft will also release an updated version of the Microsoft
Windows Malicious Software Removal Tool on Windows Update, Microsoft
Update, Windows Server Update Services and the Download Center. This tool update will not be distributed through Software Update Service.

In addition to these, Microsoft will also release two Non security updates for other Microsoft products on Microsoft Update (MU) and Windows Server Update Services (WSUS). There will none for Microsoft Windows.

Microsoft has not made any additional details of the updates available at this time and will be published on 10th October 2006 along with the updates.

Analysis and Recommendation: With more critical patches coming out, I would recommend applying the security updates to your Windows infrastructure as soon as they are released and adequately tested in your environment. For Microsoft Office, you can probably apply those patches only if the critical vulnerability is going to affect your environment and users and you can probably get by without applying the .NET patch.

Having said that, these recommendation are not authoritative and may change since no details of the vulnerabilities are available at this time. I will follow-up with this when Microsoft releases the patch with some more concrete recommendations.