ANYONE WHO STILL tells you that Patch Tuesday is dead needs to read The INQUIRER more. Windows 10 doesn't have a monthly celebration of all its vulnerabilities as it moves to an 'as-a-service' model, but there's still plenty for other supported versions of Windows from Vista to Server 2012.
It also gives us a little insight into exactly what has been done to Windows 10 this month, albeit behind the scenes.
There are 12 bulletins in the Microsoft security update for September 2015, five of which are rated critical. Five bulletins were previously disclosed, while one has already been detected at work.
Chris Goettl, product manager at security firm Shavlik, pointed out: "Any vulnerability that has been publicly disclosed is something that you will want to pay close attention to, as public disclosure is an indicator of risk. Statistically these vulnerabilities are going to have a much higher chance of being exploited.
"This feels like a light month compared to the last few Patch Tuesdays, especially for third parties. Coming off Black Hat, the third parties that normally have regular patches had their hands forced last month to respond quickly to any vulnerability they may have had, causing a slow month this time around. Next month we should expect a Java quarterly release, along with more third-party patches."
Russ Ernst, director of product management at Heat Software, warned that this could be a record-breaking year for updates. So far there have been 105, just one short of the current record-holder, 2013, and way ahead of last year's 85.
"The reason for such a significant increase in updates this year could be attributed to a variety of factors, such as the launch of Windows 10 and other new Microsoft products," he said.
"But regardless of the reason, the now restructured team at Microsoft Trustworthy Computing is definitely staying busy. And maybe even overwhelmingly so."
Altogether 56 vulnerabilities have been given a good seeing to. The critical ones include MS15-097, which fixes 10 vulnerabilities in Microsoft Graphics and affects everything from Windows Vista to Office 2010. One of the vulnerabilities it fixes is already being exploited in Office.
MS15-099 is an Office update for remote code execution, aimed primarily at plugging malware injection in Office 2010, but the flaws can also plague certain aspects of Office 2013.
MS15-094 is a cumulative update for IE with 12 holes plugged. Four of these also affect Microsoft's Windows 10 Edge browser.
MS15-095 affects Windows and Edge and, as such, will be sent to Windows 10. MS-098 is a remote code execution plug in Windows. MS15-098 does the same but affects only Windows.
Windows 10 users will get a single cumulative update rolled out of anything relevant later today. Ernst also pointed out that, while there are no Adobe Flash updates this month, a Shockwave out-of-cycle update has just gone out, so get installing. µ