This month, there are seven bulletins, of which five are critical and two are important. Fortunately, none are currently under active attack, so that should set IT’s mind at ease as they begin to apply this set of patches.
Since 2012 is coming to an end, Paul Henry, security and forensic analyst, Lumension pulled together a quick look at the numbers year-over-year. In 2011, Microsoft had 100 bulletins for the calendar year, of which 34 were critical, 63 important and three moderate. In 2012, they reduced the number of bulletins by close to 20 percent, coming in at 83 bulletins for the year, of which 35 were critical, 46 important and two moderate. According to Henry, it’s great to see that Microsoft’s Secure Coding Initiative is paying off, reducing the number of vulnerabilities in their software, resulting in an easier time for IT at Patch Tuesday time.
Another trend that’s interesting to note is Microsoft’s consistency. When you look at the numbers in-depth, you can see that in 2011, there was a bit of yo-yo’ing going on with Patch Tuesday. For example, in January, there were two bulletins, while February had 12. March then went back down to three, but April went up to 17, while May went down to two and June back up to 16. IT might have felt like they had whiplash by the end of the year! In contrast, January of this year had seven, slight increase to nine in February, then six in both March and April, and seven in both May and June. In fact, only one month – September, at three – was lower than six or higher than nine. The degree of consistency makes it easier for IT to plan out the time and effort they’ll need to spend on Patch Tuesday each month.
A motivated attacker will get into your network. The key is how quickly and accurately you are able to find the active breach. ... More >>
While many companies are deploying the latest and greatest technologies to fight back against cyber attacks, they often neglect security policy management basics. ... More >>
In commercial open source, backing from a vendor ensures the availability of product support and lets users know that the product is suited for commercial use, even for non-technical end users. ... More >>