February looks to be a busy month for Microsoft administrators. According to the latest advanced patch notification, the Redmond-based software company plans to release a dozen security bulletins next Tuesday. The bulletins will fix security flaws in Windows, Internet Explorer (IE), Office, the .NET Framework, and Exchange server. Microsoft rates five of the bulletins as Critical, and the rest as Important.
Besides all the Windows and Windows component-related bulletins from today, Microsoft also released a relatively minor bulletin about two cross-site scripting (XSS) vulnerabilities that affect Microsoft System Center Operations Manager (SCOM) 2007.
If you, like me, are still basking in the afterglow of a relaxing holiday respite, the relentless re-introduction of Microsoft Patch Day may seem like a harsh reminder of some of the drudgery suffered by an InfoSec professional. Don’t get me wrong! Patching is one of the most effective ways of keeping your systems safe. Yet, its ceaseless nature can’t help but put me into a Sisyphean mood.
Like clockwork, Microsoft released their Advanced Notification post on Thursday, warning the world that they will release seven security bulletins for December. Next Tuesday’s bulletins will fix flaws in Windows, Office, and some of Microsoft’s Server Software.
Those hip to the patch cycle know the first Thursday of the month means an early peek at Microsoft’s plans for Patch Tuesday.
After a very light Patch Tuesday in September, Microsoft returns to more typical patch levels this month. According to their October advanced notification, Microsoft plans to release seven security bulletins next week, fixing around 20 vulnerabilities in some of their most popular products. The affect products include Windows, Office, SQL Server, Microsoft Server Software, and a few other products. Microsoft only rated one of the bulletins as Critical, and the rest as Important.
Today, Microsoft released two security bulletins describing a pair of cross-site scripting (XSS) vulnerabilities in their Server software and development tools. They rate both updates as Important. The bulletins specifically affect.
As I mentioned in last week’s early warning, today’s Patch Day is extremely light with only two updates. According to their September bulletin summary, Microsoft has only released updates for Visual Studio Foundation Server and System Center Configuration Manager. Both updates fix cross-site scripting (XSS) vulnerabilities that Microsoft rates as Important.