As pre-announced last week in Microsoft’s advance notification, there were supposed to be 14 security bulletins released in this month’s swathe of “Patch Tuesday” updates.
However, it seems only 13 made the grade, leaving many system administrators scratching their head as to whether they’re missing something.
MS13-067 through to MS13-079 were released, combatting a range of vulnerabilities ranked variously as “Critical”, “Important”, “High”, Medium” and “Low”, and dealing with software as diverse as Sharepoint, Outlook, Internet Explorer, Windows, Office, and FrontPage amongst others.
It seems that the missing bulletin failed to adequately pass testing, and has held back until it’s ready for future release.
That seems to me like a sensible move by Microsoft. After all, it were to issue buggy security updates (such as those that happened last month) they might cause more trouble for users than the problem they are trying to fix.
And, after all, Microsoft claims that the vulnerabilities dealt with by the missing security update are not being exploited by hackers at this time:
We are committed to delivering high-quality security updates for our customers and extensively test each bulletin prior to release. During some additional testing after advance notification, we determined one of the updates was not quite ready. We have not detected any attacks against this issue, or any of the others addressed today, and we’ll continue to work on the bulletin and release it once it is ready, through our regular bulletin release process.
My advice? Go and grab yourself Microsoft’s latest Patch Tuesday updates, and cross your fingers that they are able to iron out the remaining problems in the missing update as soon as possible.
Oh, and while you’re at it, make sure that you are also aware of the critical patches that Adobe released on Tuesday - protecting against flaws in Adobe Reader and Flash.
PS. Meanwhile I read that a non-security update for Outlook 2013 is causing problems for some users today.