Microsoft today said it will issue eight security updates to customers next week that will include fixes for flaws in Internet Explorer (IE), Windows, Office and SharePoint.
Four of the bulletins, including the one targeting IE, affect Windows 8.1, the fall 2012 refresh of Windows 8. However, to receive those four updates, users of Windows 8.1 must have upgraded to Windows 8.1 Update, which Microsoft released just last month.
Of the eight updates, two were tagged "critical," Microsoft's most serious threat rating, and the remaining six were marked "important," the next step down in the firm's four-part scoring system.
May's collection of updates is the largest so far this year: Microsoft issued four updates each in January and April, five each in February and March.
"It's in the range," said Andrew Storms, director of DevOps at CloudPassage, today. "It's not like this is a giant update."
Storms recommended that users apply the IE update as soon as possible. Marked critical, the update will patch one or more vulnerabilities in all still-supported versions of the browser, including IE6, IE7, IE8, IE9, IE10 and IE11, according to Thursday's advance notification of next week's slate.
Although IE6 was retired last month for users of Windows XP, it still receives patches when deployed on Windows Server 2003. The latter does not exit support until July 2015.
No patches will be offered to Windows XP PCs next week, in fitting with Microsoft's standard support lifecycle policy. XP was retired last month, although Microsoft made an exception May 1 when it pushed a single IE patch to the 13-year-old OS, a move that caught most by surprise. At the time, it explained that it gave the IE fix to XP customers because the latter had been retired so recently.
Apparently, a week is the difference between patching and not patching XP.
"Microsoft will include the 'out-of-band' from last week in this month's IE update," said Storms, using the term for the emergency patch Microsoft shipped May 1. "But it wouldn't hurt to double-check."
The other critical update, named "Bulletin 2" in the advanced notice, will apply to SharePoint Server 2007, 2010 and 2013. SharePoint Server has been patched twice already this year — in both January and April — as well as in December 2013.
"SharePoint is one of those critical back-end office servers, in the same bucket as Exchange and SQL Server," said Storms. "So it will be important to move gingerly and important to test properly before deploying it."
Storms also remarked on the frequency that SharePoint has been patched. "They've been patching it more than other servers," he said. In 2013, Microsoft issued eight updates for SharePoint Server; in comparison, Exchange Server, Microsoft's email server software, received four updates during the year.
Sign up for CIO Asia eNewsletters.