This month, there are seven bulletins, of which five are critical and two are important. Fortunately, none are currently under active attack, so that should set IT’s mind at ease as they begin to apply this set of patches.
Since 2012 is coming to an end, Paul Henry, security and forensic analyst, Lumension pulled together a quick look at the numbers year-over-year. In 2011, Microsoft had 100 bulletins for the calendar year, of which 34 were critical, 63 important and three moderate. In 2012, they reduced the number of bulletins by close to 20 percent, coming in at 83 bulletins for the year, of which 35 were critical, 46 important and two moderate. According to Henry, it’s great to see that Microsoft’s Secure Coding Initiative is paying off, reducing the number of vulnerabilities in their software, resulting in an easier time for IT at Patch Tuesday time.
Another trend that’s interesting to note is Microsoft’s consistency. When you look at the numbers in-depth, you can see that in 2011, there was a bit of yo-yo’ing going on with Patch Tuesday. For example, in January, there were two bulletins, while February had 12. March then went back down to three, but April went up to 17, while May went down to two and June back up to 16. IT might have felt like they had whiplash by the end of the year! In contrast, January of this year had seven, slight increase to nine in February, then six in both March and April, and seven in both May and June. In fact, only one month – September, at three – was lower than six or higher than nine. The degree of consistency makes it easier for IT to plan out the time and effort they’ll need to spend on Patch Tuesday each month.
Small and medium-sized businesses (SMBs) are vital to the U.S. economy, yet they are often the most vulnerable when it comes to cybersecurity. ... More >>
While the tech geek is busting at the seams with anticipation, the network admin is scared to death. All this technology results in bandwidth hoarding, security vulnerabilities and compliance concerns for IT departments. ... More >>
Given the fluid nature of BYOD and related security issues, the next logical step is to approach the data's security independent of the device or location. ... More >>