WatchGuard Wire
Improve Your Security IQ
July's Patch Day Brings Four Patches to Windows and Office
9 July, 2010 --It's that time of the month again for
Microsoft administrators. Windows is bloated with security
vulnerabilities, but Patch Day relief is coming soon.
Today, Microsoft posted their Advance
Patch Notification alert for July, announcing that they plan to
release four security bulletins on July 13th; two for Windows and two
for Office. They rate three of the bulletins as Critical.
I'm hoping one of the Critical Windows bulletins fixes that zero day
vulnerability in Windows Help Center, which I mentioned in a previous
Wire post. I was upset that Ormandy, a Google researcher, disclosed
this vulnerability without giving Microsoft time to patch, as his
detailed disclosure practically teaches attackers how to leverage the
flaw. It appears my concern wasn't misplaced, as attackers started
exploiting that flaw in the wild shortly after its disclosure. In
any case, you'll want to patch all of Microsoft's Critically rated
vulnerabilities as soon as you can, since they tend to allow attackers
to gain control of your computer. With only four updates, you shouldn't have too much trouble testing and installing them quickly.
We'll know more about Microsoft bulletins on Tuesday, July 13,
and will publish alerts about them via LiveSecurity and LiveSecurity
Informer.
On semi-related note, Adobe usually uses the second Tuesday of every
month as thier patch day as well. However, Adobe already released an early,
out-of-cycle update for Reader and Acrobat late last month. So I
don't expect them to release anything significant next Tuesday. -- Corey
Nachreiner, CISSP
Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.
|
