Prior to the release of Windows 7 last week, Microsoft released a record breaking number of security updates in a single patching session on October 13th. The release of 13 security updates at once tops the previous record of 10, released in June 2009. 5 of the 13 updates were aimed exclusively at fixing issues with the new operating system to which some volume customers have had access for 2 months. In total 34 vulnerabilities have been addressed with varying levels of urgency placed on each one.
Andrew Storms, Director of security operations for nCircle Network Security, was quick to comment once the updates were announced. In a typically cryptic fashion Microsoft offered very few details about the updates before the release date and so security experts were forced to speculate about the content of such a gargantuan release.
Storms suggested before the release that the most desirable update would address the vulnerability of Server Message Block Version 2 (SMBv2). Shortly after this print sharing protocol was unveiled in early September, malicious code exploiting a weakness in SMBv2 was produced. Thankfully SMBv2 is just one of the many flaws that have been patched in the extensive updates. Since its release, various sources have highlighted other critical inclusions, such as the improvements in the security of Internet Explorer 8 when running on the new Microsoft operating system.
The updates should be considered critical by both consumers and businesses running Windows platforms and servers. Several of the updates address vulnerabilities in common applications such as Windows Media Player and the Microsoft .NET Framework which could otherwise allow remote code execution. Storms spoke of the level of care and diligence needed when dealing with the new updates. The sheer volume of the data contained within the security updates requires careful scrutiny. However, with not all of the updates classed as critical, there should be some leeway for phased implementation.
As Windows continues to be an ever popular target for digital attacks, such updates will doubtless continue to appear. Windows 7 is one of the most important releases from Microsoft in many years and as such all eyes will be on its ability to cope with security threats.