According to Paul Henry, security and forensic analyst at Lumension, it’s another heavy month of patches this month from Microsoft. There are nine bulletins, with two critical and seven important. While nine may seem like a lot, there are a few pieces of good news this month. First, there are only two critical bulletins and most of the patches are rated important. Second, most of the impact is on the legacy code base, rather than the current code that has been impacted more than usual over the last few months. If your system is running the latest and greatest versions of software – as you should always do, since newest is usually the most secure – then you should be minimally impacted this month. And finally, Microsoft is not your biggest issue this month, despite nine patches.
As we enter into our first patch of Q2, it’s worthwhile to look at the numbers. This year, Microsoft has issued 35 bulletins so far, with an average of almost nine per month, of which about three are critical and six are important. Compare to 2012, where there were 28 bulletins by April, averaging seven per month. Though the overall number is up from 2012, the number of average critical vulnerabilities is holding steady at about three, while important vulnerabilities make up the difference, averaging four in 2012. With the number of important bulletins increasing, but critical holding steady, we can infer that Microsoft gets better every year at finding the low-risk, low-impact issues and getting them fixed in a timely manner. This is good news.
Before diving into the patches, there are a few other Microsoft issues to note, including an expected Flash update next week, which users should be prepared for. More importantly, this month marks the one year “death clock” for XP. In April 2014, Microsoft will end support for Windows XP. If you haven’t already, it’s time to start thinking about migrating to a new OS if you’re still running XP.
IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ... More >>
Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ... More >>
Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ... More >>