Record patch Tuesday: What you need to know

Microsoft is putting out 17 security bulletins, and IT admins have little time to apply the patches before the holidays

Today is the final Microsoft Patch Tuesday for 2010. It has been a busy year for Microsoft when it comes to security bulletins, and December is no exception as Microsoft closes out the year with a record 17 security bulletins. With only a week or so until many IT admins plan to kiss 2010 goodbye and break for the holidays, it is important to understand and prioritize the latest patches for quick implementation.

Joshua Talbot, security intelligence manager for Symantec Security Response breaks down the 2010 milestones for Microsoft. "Seventeen bulletins are the most ever issued in a single month. Also, Microsoft has now released 106 security bulletins in 2010--the first time topping the century mark since the Patch Tuesday program began. The next closest was 78 in 2006 and 2008. Finally, by Symantec's count Microsoft far surpassed the number of vulnerabilities patched in a single year with 261. The previous record was 170 set last year."

Depending on your perspective, 2010 either proves just how flawed and vulnerable Microsoft software is, or it illustrates how successful Microsoft has been at identifying and resolving vulnerabilities. I tend to side with the perspective that the software itself is not any more flawed than previous years--in fact possibly less--but that Microsoft has become more agile at addressing vulnerabilities as they are discovered.

A Microsoft spokesperson sent along some guidance. "Microsoft encourages customers to test and deploy all updates as soon as possible to help prevent criminal attacks on their computers."

Microsoft provides the Severity and Exploitability Index, as well as a Deployment Priority guide to help IT admins asses the risk and prioritize the updates. As a part of that guidance, Microsoft stresses that the two Critical security bulletins--MS10-090, the security bulletin addressing Internet Explorer vulnerabilities, and MS10-091, the security bulletin related to flaws in the Windows operating system--be given priority attention.

Andrew Storms, Director of Security Operations for nCircle, agrees with the urgency for the IE update. "The most important bug this month is clearly the IE update that includes a fix for the outstanding zero-day bug discovered in early November. With more and more people shopping online this time of year, it's important for everyone to patch their browsers."

"Many of the patches are deemed as "important," and a very low amount marked as "critical" vulnerabilities," said Dave Marcus, director of security research and communications at McAfee Labs. "It seems the majority of Patch Tuesday's are bringing record numbers of updates, and other applications from Adobe, Oracle have increasing numbers as well. The threat landscape is clearly broadening, and if organizations wait to patch, it gives cybercriminals an opportunity to exploit data."

A spokesperson for Webroot e-mailed me to stress that IT admins go the extra mile to test and implement patches as quickly as possible before taking off for the holidays. "People should apply the patches as soon as they can to remain fully protected against malware. It doesn't take exploit kit creators long to build new exploits once patches have been released, so getting the fixes applied before new exploits hit the net is going to be a race against time."

Webroot also points out that most of the patches require a reboot to complete, and that systems that update while users are away over the holidays could be at risk of losing data in open files on the desktop. Webroot suggests, "People might want to either fully power down a work PC if you're going to be away from the office or at least save all your work and close any open apps so you don't lose anything when Windows Update tries to force the PC to reboot during the patch installation."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoftfirewallspatches & drivers

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?