United States
Easy management - our secret sauce. Watch the video tour.
WatchGuard Technologies, Inc.
WatchGuard Technologies, Inc.
ProductsPartnersSupportAbout UsHow to BuySearchProfile
 
Products  

Security Articles

Video Tutorials

WatchGuard Feeds

WatchGuard Wire

Radio Free Security

White Papers

Case Studies

Network Security Glossary

WatchGuard Wire
Improve Your Security IQ

Microsoft will only release a pair of non-Critical updates for March Patch Day

5 March, 2010 -- Next week's Patch Day shouldn't be too big of a deal with Microsoft intending to release only two updates. Furthermore, neither of the updates are rated critical.

According to their advanced notification bulletin for March 2010, Microsoft plans to release updates for Windows and Office next Tuesday, March 9. They rate both updates as Important - their second most severe security rating. Flaws rated as Important still may allow attackers to execute code. However, they typically require more user interaction for attacks to succeed.

Despite the light patch day, and the less than critical vulnerabilities, I still recommend administrators download and install Microsoft patches as soon as they can. In the past, other vendors like Adobe and Apple have released updates on the same day - or at least within the same week. So you might want to tell your IT staff to expect other updates next Tuesday.

As an aside, while next week's Black Tuesday may be light, patching in general is not. According to this ComputerWorld article, typical Windows users have to apply patches every five days in order to keep up with the updates for all of the software on their PCs. This stat comes from a whitepaper released by Secunia, a well-known security company. Making matters worse, users have to get these patches using many different update mechanisms, or from many different locations. In a nutshell, patching is an IT nightmare. Nonetheless, we still have to do it to stay safe. The good news is Secunia also offers a tool that might ease your patching pain. It's called Personal Software Inspector (PSI). This tool will keep track of all the software on your computer, and let you know when new patches are available. Some administrators prefer to have strict control of when they deploy updates. If you're one of them, this tool may not be for you. However, if you're a solitary user looking to keep your computer up-to-date, you may want to give PSI a try.

We'll know more about these bulletins next Tuesday, and will publish alerts about them via LiveSecurity and LiveSecurity Informer. -- Corey Nachreiner, CISSP

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.