Microsoft routinely issues advance notifications for its monthly Patch Tuesday update days before it goes live, that's not unusual. But the Redmond software outfit typically doesn't reveal the full extent of the patches through official "bulletins" until the day of release, which makes the weekend leak highly unusual.
"I don't remember this ever happening," Andrew Storms, director of security operations at nCircle Security, told ComputerWorld .
The bulletins should have went live around 10AM Pacific / 1PM Eastern tomorrow, September 13, but instead were posted over the weekend. You still have to wait until tomorrow to download the actual updates, which will stomp out 15 security bugs, each one rated "important." Two of them affect Windows, five apply to Excel, two apply to non-application Office components, and six have to do with SharePoint and related software.
Should you be concerned that Microsoft leaked the security info ahead of schedule? Not according to Mr. Storm, who told Computerworld that the bulletins aren't "terribly exciting or worrisome," and this is more of "an embarrassment of procedure" for Microsoft than anything else. According to Mr. Storm, you can rest easy knowing that hackers don't have their hands on the updates to compare old and new binaries, and that there aren't any vulnerabilities that are remote code executable without needing authentication.