Menu
Tick, tock: Windows 8.1 users face patch ban as Microsoft sets next week's updates

Tick, tock: Windows 8.1 users face patch ban as Microsoft sets next week's updates

Microsoft plans to deliver eight security updates on May 13 for IE, Windows, Office and SharePoint; four are slated for Windows 8.1

Microsoft today said it will issue eight security updates to customers next week that will include fixes for flaws in Internet Explorer (IE), Windows, Office and SharePoint.

Four of the bulletins, including the one targeting IE, affect Windows 8.1, the fall 2012 refresh of Windows 8. However, to receive those four updates, users of Windows 8.1 must have upgraded to Windows 8.1 Update, which Microsoft released just last month.

Of the eight updates, two were tagged "critical," Microsoft's most serious threat rating, and the remaining six were marked "important," the next step down in the firm's four-part scoring system.

May's collection of updates is the largest so far this year: Microsoft issued four updates each in January and April, five each in February and March.

"It's in the range," said Andrew Storms, director of DevOps at CloudPassage, today. "It's not like this is a giant update."

Storms recommended that users apply the IE update as soon as possible. Marked critical, the update will patch one or more vulnerabilities in all still-supported versions of the browser, including IE6, IE7, IE8, IE9, IE10 and IE11, according to Thursday's advance notification of next week's slate.

Although IE6 was retired last month for users of Windows XP, it still receives patches when deployed on Windows Server 2003. The latter does not exit support until July 2015.

No patches will be offered to Windows XP PCs next week, in fitting with Microsoft's standard support lifecycle policy. XP was retired last month, although Microsoft made an exception May 1 when it pushed a single IE patch to the 13-year-old OS, a move that caught most by surprise. At the time, it explained that it gave the IE fix to XP customers because the latter had been retired so recently.

Apparently, a week is the difference between patching and not patching XP.

"Microsoft will include the 'out-of-band' from last week in this month's IE update," said Storms, using the term for the emergency patch Microsoft shipped May 1. "But it wouldn't hurt to double-check."

The other critical update, named "Bulletin 2" in the advanced notice, will apply to SharePoint Server 2007, 2010 and 2013. SharePoint Server has been patched twice already this year -- in both January and April -- as well as in December 2013.

"SharePoint is one of those critical back-end office servers, in the same bucket as Exchange and SQL Server," said Storms. "So it will be important to move gingerly and important to test properly before deploying it."

Storms also remarked on the frequency that SharePoint has been patched. "They've been patching it more than other servers," he said. In 2013, Microsoft issued eight updates for SharePoint Server; in comparison, Exchange Server, Microsoft's email server software, received four updates during the year.

Storm put the SharePoint update in the No. 2 slot on his to-do list for next Tuesday.

The Windows 8.1 updates -- the critical one for IE, three others, all rated important, for Windows itself -- are a special case this month, as they will reach consumer PCs and other devices, including Microsoft's Surface tablets, only if users have applied Windows 8.1 Update.

Microsoft originally gave everyone just five weeks to put Windows 8.1 Update in place in order to receive May's fixes, but quickly backed off under pressure from corporate customers. Those users who rely on WSUS (Windows Server Update Services), Windows Intune or System Center Configuration Manager to obtain and deploy patches will have until August to apply Windows 8.1 Update before being shut off from future patches.

Consumers and small businesses -- or anyone who uses Windows Update to fetch patches -- must have Windows 8.1 Update in place by next Tuesday or they will not see the month's slate of fixes, leaving their systems unprotected.

"On one hand, this gives you more reason to apply Windows 8.1 Update, because if you don't there are patches you're missing," said Storms, putting a silver lining on the aggressive schedule Microsoft has mandated. "On the other hand, I wonder how many people are going to recognize that that's the case?"

In fact, some have had problems getting Windows 8.1 Update installed. A very long thread on Microsoft's support forum contains more than 1,000 messages from people who have encountered errors while trying to deploy the update.

Unless those users can finalize the installation of Windows 8.1 Update by Tuesday, they will also be unable to automatically install the month's patches.

Microsoft will release the eight security updates on Tuesday, May 13 around 1 p.m. ET.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags MicrosoftWindowssoftwareMalware and Vulnerabilitiesoperating systems

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments