Patch Tuesday Not Too Taxing for IT This Month, Despite Heavy Patch Count


Henry is also hearing a lot about DDoS again this month, thanks to the attack on Spamhaus, the largest attack in history, which is being credited with attempting to “break the Internet.” Though cybersecurity attacks are occasionally blown out of proportion, in this case that’s exactly what the attack tried to do. It used misconfigured DNS servers to generate and amplify traffic for the attack.

According to Paul Henry, security and forensic analyst at Lumension, it’s another heavy month of patches from Microsoft. There are nine bulletins, with two critical and seven important. While nine may seem like a lot, there are a few pieces of good news this month. First, there are only two critical bulletins and most of the patches are rated important. Second, most of the impact is on the legacy code base, rather than the current code that has been impacted more than usual over the last few months. If your system is running the latest and greatest versions of software – as you should always do, since newest is usually the most secure – then you should be minimally impacted this month. And finally, Microsoft is not your biggest issue this month, despite nine patches.

As we enter our first patch cycle of Q2, it’s worthwhile to look at the numbers. This year, Microsoft has issued 35 bulletins so far, with an average of almost nine per month, of which about three are critical and six are important. Compare that to 2012, when there were 28 bulletins by April, averaging seven per month. Though the overall number is up from 2012, the average number of critical vulnerabilities is holding steady at about three, while important vulnerabilities make up the difference, averaging four in 2012. With the number of important bulletins increasing, but critical holding steady, we can infer that Microsoft gets better every year at finding the low-risk, low-impact issues and getting them fixed in a timely manner. This is good news.

Before diving into the patches, there are a few other Microsoft issues to note, including an expected Flash update next week, which users should be prepared for. More importantly, this month marks the start of the one-year “death clock” for XP. In April 2014, Microsoft will end support for Windows XP. If you haven’t already, it’s time to start thinking about migrating to a new OS if you’re still running XP.

 
