WatchGuard Wire
Improve Your Security IQ
Microsoft Black Tuesday: December updates correct Critical Windows,
Office, IE flaws
8 December 09 -- Today is Microsoft's last Patch Day for
2009. Happily, it doesn't look that bad with only six updates to apply
before Christmas.
This morning, Microsoft released six security bulletins, fixing a
dozen
security vulnerabilities in components that ship with Windows, Office,
and Internet Explorer (IE). Microsoft rates three of the
bulletins as Critical
and three as Important (just like last month).
The three Critical bulletins fix flaws that could allow remote
attackers to gain control of your Windows computers. These Critical
flaws affect the Windows Internet Authentication service, Microsoft
Office Project, and various components in IE. The remaining Important
flaws affect various Windows and Office components. As usual, I
recommend you apply
the Critical updates first. I'd probably start with the IE update since your clients use it regularly. Followed by the Critical
Windows update and then the critical Office update. Finish up with the
remaining Important updates.
You can learn more about these security bulletins from the tables
provided in Microsoft's
Bulletin Summary for December. Microsoft's tables (arranged in
order of severity) link directly to this month's bulletins and patches.
Expand the "Affected Software and Download Location" section of the
Summary to find a valuable table that will help you develop your own
deployment strategy.
LiveSecurity and LiveSecurity Informer subscribers will
receive more detailed information about most of these flaws, and how to
fix them, in alerts
we're working on right now. -- Corey Nachreiner,
CISSP
Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.
|
