Microsoft has warned of a bumper crop of patches due to drop next week during the company's regular Patch Tuesday update cycle, including five that are rated as Critical - the most serious designation.
The company's advance bulletin
for November's Patch Tuesday releases warns of five Critical security vulnerabilities waiting to be fixed: four remote code execution vulnerabilities in Windows versions - some of which include the latest Windows 10 beta in their scope - and one which applies to Internet Explorer as well, and a further privilege elevation vulnerability in Windows that would allow successful exploitation of an unprivileged user account using the aforementioned flaws to gain complete administrative permissions to the machine.
The patch list also includes nine Important patches for Windows, the .NET Framework,. Office and Exchange, which range from further privilege elevation vulnerabilities to security feature bypass techniques. A final pair of patches for Windows and Office are rated Moderate, allowing elevation of privilege and denial of service respectively.
'Although Microsoft usually staggers its patches, alternating between OS and app updates, it looks like nearly all machines will have at least a few critical updates to apply, including .NET Framework, Office 2007, Exchange and SharePoint,
' explained Chris Goettl, product manager at security specialist Shavlik, of the list. 'Exchange and SharePoint being in the mix means that there will be a need for some thorough testing before rolling out updates. .NET Framework also is getting an update this month, which usually means a little longer time on the maintenance window as those patches tend to take a little longer than the average OS patch to install.
The update list is the longest for Microsoft so far this year, while those installing the patches will be hoping the company won't continue its worrying trend of withdrawing one or more faulty patches with each monthly release this time around.