A Patch Tuesday preview
Microsoft plans to release five "important" security updates Tuesday, Sept. 13. Amol Sarwate, vulnerability labs manager at Qualys, took a glance and dropped me this note:
This is the first patch Tuesday in recent times that does not have a single critical update. It is also a relatively small update and is consistent to the cycle of smaller patches every other month.
Top priority should be given to remote code execution Microsoft Office patches that affect Excel 2003 through Excel 2010 and Office 2003 through Office 2010. Another high priority is the Windows patch that fixes a remote code execution flaw in Windows XP, Windows Vista, Windows 7, Windows 2003 and Windows 2008.
Other patches can be evaluated at a relatively lower urgency because attackers already need lower privilege access to the target system to execute the exploit. This includes the Windows 2003/2008 and SharePoint Server 2007 security update.
We expect a smooth deployment of these patches by IT departments who are already used to the Microsoft Patch Tuesday cycles.
Though there are no critical bulletins expected, it's worth pointing out that one company's low-priority flaw could be someone else's critical flaw.
CSO will bring you the full patch breakdown as soon as they come out Tuesday.
--Bill Brenner
Print
This is the first patch Tuesday in recent times that does not have a single critical update. It is also a relatively small update and is consistent to the cycle of smaller patches every other month.
Top priority should be given to remote code execution Microsoft Office patches that affect Excel 2003 through Excel 2010 and Office 2003 through Office 2010. Another high priority is the Windows patch that fixes a remote code execution flaw in Windows XP, Windows Vista, Windows 7, Windows 2003 and Windows 2008.
Other patches can be evaluated at a relatively lower urgency because attackers already need lower privilege access to the target system to execute the exploit. This includes the Windows 2003/2008 and SharePoint Server 2007 security update.
We expect a smooth deployment of these patches by IT departments who are already used to the Microsoft Patch Tuesday cycles.
Though there are no critical bulletins expected, it's worth pointing out that one company's low-priority flaw could be someone else's critical flaw.
CSO will bring you the full patch breakdown as soon as they come out Tuesday.
--Bill Brenner
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Previous Post: McAfee report reminds me of 'Maximum Overdrive'Next Post: #FFSec: Security pros to follow on Twitter, Sept. 9
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
WHITE PAPER
Reduce Email Archives up to 60%
Are you considering implementing a proactive archiving and eDiscovery solutions? This paper summarizes 15 separate soft cost savings when implementing Symantec Enterprise Vault and the Clearwell eDiscovery Platform.
WHITE PAPER
Aberdeen Report: To Patch, or Not to Patch? (Not If, But How)
The report explores the correlation between the current use of patch management and the level of endpoint-related risk that companies are effectively accepting.
Recent Comments
Webcasts
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
White Papers
