As mentioned in the previous post on this months security bulletin releases, there are now confirmed to be 16 security bulletins, addressing 49 vulnerabilities.
This month is a milestone for Microsoft in that it reaches a new high for both the number of bulletins released and vulnerabilites being addressed.
Of the 16 security bulletins, 12 address Windows, 3 Office, 1 .NET and 1 Internet Explorer. Whilst all should be given due attention in their relevant environments, our primary focus is those affecting Windows Server Operating Systems.
As such, the following table focuses on affected Server OS’s by bulletin and the likelihood of a Operating System restart being required and hence impacting on services provided.
|Bulletin Identifier||Aggregate Severity Rating||Windows Server 2003 32-bit||Windows Server 2003 x64||Windows Server 2008 32-bit||Windows Server 2008 x64||Windows Server 2008 R2|
|MS10-071||Important||Restart required||Restart required||Restart required||Restart required||Restart required|
|MS10-073||Important||Restart required||Restart required||Restart required||Restart required||Restart required|
|MS10-074||Moderate||May restart||May restart||May restart||May restart||May restart|
|MS10-075||None||Not applicable||Not applicable||Not applicable||Not applicable||Not applicable|
|MS10-076||Critical||May restart||May restart||May restart||May restart||May restart|
|MS10-077||Critical||Not applicable||May restart||Not applicable||May restart||May restart|
|MS10-078||Important||Restart required||Restart required||Not applicable||Not applicable||Not applicable|
|MS10-081||Important||Restart required||Restart required||Restart required||Restart required||Restart required|
|MS10-082||Important||May restart||May restart||May restart||May restart||May restart|
|MS10-083||Important||Restart required||Restart required||Restart required||Restart required||Restart required|
|MS10-084||Important||Restart required||Restart required||Not applicable||Not applicable||Not applicable|
|MS10-085||None||Not applicable||Not applicable||Restart required||Restart required||Restart required|
|MS10-086||None||Not applicable||Not applicable||Not applicable||Not applicable||Restart required|
As can be seen, there are a large number of updates affecting 2003, 2008 & 2008 R2 but most importantly we are highly likely to see widespread requirement for Operating System restarts. Typically where ‘May restart’ is listed, this will require a restart if components being updated are in use at the time of update or if services cannot for some reason be stopped – so planning for a restart is highly recommended.
In addition to reviewing the official Security Bulletin, it is also worth reviewing the information on the Microsoft Security Response Center blog regarding this months updates where more detail on real world scenarios is discussed. The below slides are from the blog and show the Deployment Priority and Severity and Exploitability Index ratings for this months updates.
(as usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)