IT departments should stock up on coffee and snacks in anticipation of Microsoft's monthly Patch Tuesday next week. Although there are only six bulletins, four of them are rated critical and five could lead to remote attacks. These updates may require some heavy lifting.
In addition to normal updates for Windows computers, Microsoft's November Patch Tuesday will also bring with it critical security updates for Windows RT, and the brand new Surface tablet it runs on, for the very first time.
The updates, which will be pushed out to customers on Nov. 13, are crucial for nearly every Windows customer. Whether you run Windows XP (the oldest operating system Microsoft still supports), Windows Vista, Windows 7, Windows 8 or Windows RT, you will need to update your device in order to stay safe from online crime. (Even Mac OS X users get a Microsoft Office for Mac security update.)
This will be Windows 8's first official Patch Tuesday as well. The brand-new OS, which hit store shelves at the end of October, has already been patched three times. (Before its debut Oct. 26, pre-release versions of Windows 8 were downloaded and installed by thousands of users.)
Despite that, Windows 8 is considered much more secure than its predecessors. Networkworld points out that "legacy code" from older operating systems may be to blame for the vulnerabilities Windows 8 shares with its siblings..
The updates will protect users from several vulnerabilities, including one in Internet Explorer 9 that could lead to man-in-the-middle attacks.
The soon-to-be-patched vulnerabilities aren't yet being exploited by hackers in a widespread way, but unlike October's light patch ahead of the Windows 8 release, this one will be more robust.
It's not clear whether the updates patch the "zero-day" vulnerabilities in Windows 8 and Internet Explorer 10 that were found last week by French professional bug-hunters VUPEN.
The bad boys of the information-security industry, VUPEN famously doesn't disclose vulnerabilities it finds to makers of affected software. Instead, the company sells the vulnerabilities to a private list of clients, presumably government intelligence agencies and militaries.
Microsoft schedules security updates on the second Tuesday of each month. Earlier this week, Adobe announced that it would begin syncing its own Flash Player update with Microsoft’s Patch Tuesdays.
Follow Ben on Twitter.