Friday 5 December 2014

Patch Tuesday Preview for December 2014

Microsoft has released its preview document for the December Patch Tuesday bulletin release, which can be found here

For the month of December we are looking out for at  least seven patches for the month. When I say at least, it's possible that we are going to see some additional updates as part of Microsoft's Out of Band patch release process. 

These non-Patch Tuesday updates are called out-of-band (OOB) patches and may be released anytime through the month. There are quite a few requirements before Microsoft will release an OOB update, some of which include;
  • Is this particular vulnerability serious enough to require the release of a patch out of the normal Patch Tuesday cycle?
  • How widespread and immediate is the attack? 
  • Is the next patch release cycle near enough to warrant waiting a few days or a week?
  • Will the rushed development and release of a quick patch likely disturb program functionality, perhaps producing more trouble than it resolves?
  • Is the threat stable, or is it evolving (or likely to evolve) day by day?

For this month, we are also expecting the final release of the delayed Microsoft Exchange update MS14-075. Over the past few months, we have seen a number of updates that have been either delayed (MS14-68) or have been recalled. This may be the start of a new pattern or process for Microsoft.

The seven updates for December include three critical updates, with the remaining four updates rated as important by Microsoft. We saw a number of Adobe updates last month, and so, unless we see a critical update to Adobe Flash, which would most likely be related to the coming Internet Explorer update, we are not likely to see either an Adobe or a Chrome update for December.

No comments: