The State of the Microsoft Desktop
Customers are taking a piecemeal approach to Windows 7 and Office 2010 upgrades.
Microsoft shipped a massive Patch Tuesday update this week that resolves a total of 64 vulnerabilities spread across 17 security bulletins. Affected system components include a broad swathe of Microsoft's products, such as Windows, Office, Internet Explorer, Visual Studio, the .NET Framework and GDI+. More importantly, nine of the bulletins were graded at the highest rating of "critical," while the remaining eight were ranked as "important."
Given the number of serious updates involved, small- and mid-sized businesses thinking of holding off on this update are advised not to put it off. This is because all but two of the bulletins allow for the possibility of remote code execution, which are scenarios where remote hackers are able to run unauthorized applications.
As I highlighted in yesterday's blog on the database break-in at Barracuda Networks, responsible SMBs must prioritize patching instead of relegating them to non-peak seasons. This is due to the rise of sophisticated tools, as well as the speed at which new security flaws are "weaponized" and distributed for use by legions of less-skilled hackers. Note that many of these updates may require system restarts and hence necessitate the scheduling of maintenance downtime if applied on server machines.
Speaking to Windows IT Pro, Jerry Bryant, who is the Microsoft group manager of response communications in the trustworthy computing group, also highlighted a couple of additional updates that IT administrators will be interested in: An update to 64-bit Winload.exe to prevent certain rootkits (Security Advisory 2506014) and the backporting of Office 2010 file validation for users of Office 2003/2007 (Security Advisory 2501584). The former will also make it easier for third-party, anti-malware applications to detect and eliminate rootkits.