WatchGuard Wire
Improve Your Security IQ
Microsoft Black Tuesday: Eleven bulletins correct flaws in Windows,
Office, and Exchange
13 April, 2010 -- Right on schedule, Microsoft has posted today's
Patch Day updates. As
expected, they released eleven security bulletins that fix a total
of 25 security vulnerabilities in Windows, some Office products, and
Exchange Server. They rate five of the Windows flaws as Critical, five
as Important, and one as Moderate.
I don't really have much to say about the order in which you
should patch, other than to take the updates in order of severity:
Critical first, Important second, and Moderate last. However, none of
the fixes jumps out at me as more important than the others.
That said, once they've gained a foothold on your
network, attackers often leverage SMB code execution vulnerabilities
to gain control of multiple computers on your network. So you
might want to get to the SMB update early.
Also, the Exchange vulnerability isn't overly severe
(it's just a Denial of Service issue, not a code execution issue), but
attackers tend to target server-class vulnerabilities quickly. So you
may want to patch it before the other Important updates.
You can learn more about these security bulletins from the tables
provided in Microsoft's
Bulletin Summary for April. Microsoft's tables (arranged in
order of severity) link directly to this month's bulletins and patches.
Expand the "Affected Software and Download Location" section of the
Summary to find a valuable table that will help you develop your own
deployment strategy.
LiveSecurity and LiveSecurity Informer subscribers will
receive more detailed information about most of these flaws, and how to
fix them, in alerts
we're working on right now. -- Corey Nachreiner,
CISSP
Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.