Microsoft is getting ready for their latest round of patches. Patch Tuesday will see six in total with varying degrees of importance.
The following table summarizes the security bulletins for this month in order of severity.
For details on affected software, see the next section, Affected Software.
Bulletin ID | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
---|---|---|---|
Bulletin 1 | Critical Remote Code Execution |
Requires restart | Microsoft Windows, Internet Explorer |
Bulletin 2 | Critical Remote Code Execution |
May require restart | Microsoft Windows |
Bulletin 3 | Important Elevation of Privilege |
Requires restart | Microsoft Windows |
Bulletin 4 | Important Elevation of Privilege |
Requires restart | Microsoft Windows |
Bulletin 5 | Important Elevation of Privilege |
May require restart | Microsoft Windows |
Bulletin 6 | Moderate Denial of Service |
Does not require restart | Microsoft Server Software |
The following table details Microsoft’s classification for severity
Rating | Definition |
Critical | A vulnerability whose exploitation could allow code execution without user interaction. These scenarios include self-propagating malware (e.g. network worms), or unavoidable common use scenarios where code execution occurs without warnings or prompts. This could mean browsing to a web page or opening email.
Microsoft recommends that customers apply Critical updates immediately. |
Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. These scenarios include common use scenarios where client is compromised with warnings or prompts regardless of the prompt’s provenance, quality, or usability. Sequences of user actions that do not generate prompts or warnings are also covered.
Microsoft recommends that customers apply Important updates at the earliest opportunity. |
Moderate | Impact of the vulnerability is mitigated to a significant degree by factors such as authentication requirements or applicability only to non-default configurations.
Microsoft recommends that customers consider applying the security update. |
Low | Impact of the vulnerability is comprehensively mitigated by the characteristics of the affected component. Microsoft recommends that customers evaluate whether to apply the security update to the affected systems. |