October's Patch Tuesday's bigger than normal, with 11 security bulletins (four critical, six important, and one moderate) affecting the following desktop operating systems and applications:
Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, Windows XP, and Windows Vista get patched to stop a remote code execution threat
Windows XP SP2 and SP3 and Windows XP Professional x64 and XP Professional x64 SP2 will be patched to stop elevation of privilege attacks
Windows 2000 SP4 through Windows Vista SP1 will also be as updated needed to prevent remote code execution
Microsoft Excel 2000 SP3, Excel 2002, Excel 2003 SP2/SP3, and Excel 2007/2007 SP1 will be updated against a critical vulnerability, as will Excel Viewer 2003/2003 SP3, Excel Viewer, and MS Office Compatibility Pack and Compatibility Pack's SP1.
What else is coming down the chute starting Tuesday?
Windows Vista Media Center gets a pair of updates (one for the TV Pack, and one for everyone), as well as the usual updates to the Malicious Software Removal Tool, Windows Mail Junk Email Filter and Customer/Windows Vista Experience Improvement Program.
However, the biggest news is the premiere of the Microsoft Active Protections Program and Exploitability Index we told you about in August. Hopefully, these programs will aid the never-ending battle against the bad guys in cyberspace.
Pingdom AB, a Swedish-based website monitoring firm, recently studied the uptime of the update sites for the three most popular desktop operating systems, Microsoft, Apple, and Ubuntu. During the second quarter of 2008 (April-June), Pingdom reports (2) that Windows Update was up 100% of the time, compared to Apple Software Update's 99.9% uptime, and Ubuntu Archive's 98.64% availability. During the period, Apple's update service could not be contacted for a total of 2 hours, 34 minutes, while Ubuntu's update service could not be contacted for a total of 1 day, 5 hours, and 45 minutes.
It sounds like a clear win for Redmond, but a closer look at how update sites work suggest the story isn't so simple. For more, join us after the jump.
InfoWorld reports that Microsoft will release Windows XP SP3 to Windows Update starting Thursday, July 10. If you don't have SP3 installed and Windows is configured to use the default Automatic (recommended) settings, you'll be upgraded to SP3 on Thursday or shortly afterwards (as usual, Windows Update uses a staggered schedule).
If you absolutely, positively don't want SP3 right now, want to make sure your SP2-loving system is ready to take the plunge, or want to share your SP3 experiences - good, bad, or ugly - you know what to do: we'll see you after the break.
Windows Update will itself be updated, starting in late July, according to Windows Update product manager Michelle Haven, in a recent TechNet post. This update changes both the WU clients used by Windows XP and Vista-based machines as well as the back-end infrastructure, and as a result, scans for updates and update installations are faster. That's the good news. But, will the update cause problems for Windows XP users who need to perform a repair installation? And, what about users who don't want Microsoft making any changes to their system?
For more light on these questions, join me after the break.