After last month’s super light patch day, I sort of expected Microsoft to return with a vengeance this month by releasing tons of security bulletins on “Black Tuesday”. Happily, that’s not the case. According to their Advanced Notification alert last week, Microsoft only plans on releasing four security bulletins tomorrow, two of which they rate as Critical. The bulletins will detail remote code execution flaws in:

  • Internet Explorer (IE), rated Critical
  • Exchange, rated Critical
  • Microsoft SQL, rated Important
  • and Visio, rated Important.

After surviving months where Microsoft released over a dozen patches, four seems like a breeze. However, that’s no excuse to procrastinate applying them. The critical updates for Exchange and IE will fix flaws that could allow remote attackers to gain control of your computers. I’m particularly worried about the Exchange flaw. Any remote code execution vulnerability that affects your email server could pose a huge risk. So, our IT team is ready to download, test, and deploy these updates as quickly as possible, tomorrow.

Remember, attackers often pay as close attention to Microsoft Patch Days as we do. When Microsoft releases patches, attackers can reverse engineer them to try to figure out how the original vulnerabilities worked. You often see exploit code for Microsoft vulnerabilities only a few days after Patch Day, which is why we do our best to apply Microsoft’s patches as quickly as we can.
