- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Patch Tuesday preview for December
Microsoft made the announcement in its advance notification message Thursday afternoon.
According to a quick analysis from vulnerability management vendor Qualys:
--The updates will affect Windows XP, Vista, and Windows 7. Only one of the critcal vulnerabiilties applies to Windows 7. On the server side, both Windows 2003 and 2008 are vulnerable, but again the newer 2008 is better than 2003, with only one vulnerability applicable.
--Five of the "important" bulletins affect Office 2003, 2007 and 2010 including all office versions for Macintosh as well. One of the remaining bulletins addresses Internet Explorer 6 through 9 and the remaining bulletins apply to all versions of Windows.
--Adobe Reader 9 users can expect an update to address the current zero-day vulnerability in Reader (and Acrobat itself).
Alex Horan, senior product manager at Core Security, made this observation in an email Thursday afternoon:
"Attackers will be drawn to the three critically rated vulnerabilities, as well as the four Remote Code Execution vulnerabilities in the Microsoft Office products. Code Execution in Office provides fresh Client Side exploit capabilities, which may have a long shelf live, given the delay administrators take in pushing patches out to users’ machines for fear of causing issues with their users ability to work.”
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Redefine Business Portability
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Fighting Fraud Videos: IBM Intelligent Investigation Manager
- IBM Intelligent Investigation Manager: Online Product Demo
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government
- Thwarting DDoS Attacks with Cloud Defenses
- Data Center Insight: 6 ways to Prevent Mistakes that Have Cost others Millions
- HP & CIO: Making virtualization strategic
- Bridging the IT Gap: A Fresh Approach to Infrastructure Management
- IBM PureFlex and Flex System: Infrastructure for IT Efficiency
- Accelerating Solution Deployment with IBM PureFlex and Flex System