Microsoft, Adobe unleash flood of security updates
- 14 September, 2011 05:45
Today is Patch Tuesday again. The ninth of the year already. Microsoft has released five new security bulletins, and Adobe has joined the party with some security patching of its own today. With all of the vulnerabilities and updates, though, you need to take a step back to prioritize and figure out which patches are most urgent.
Actually, today is a bit anti-climactic. Due to human error, the full security bulletins were made public briefly on Friday, so there has already been a four-day heads-up of what to expect. But, now that the security bulletins and associated patches are legitimately public, it's time to take a closer look.
Five security bulletins isn't the lightest month ever, but it is far fewer than some of the Patch Tuesday avalanches we have seen. What is even more unusual is that none of the five security bulletins is rated Critical. All five bulletins--MS11-070 through MS11-074--are rated Important.
"Although none of this month's patches are rated critical, we strongly urge users to pay extra close attention to the Office Uninitialized Object Pointer Vulnerability," said Joshua Talbot, Security Intelligence Manager for Symantec Security Response. "It seems to be a fairly easy to exploit memory corruption issue and leverages extremely common Word files to attack users' computers."
Tyler Reguly, Technical Manager for Security Research and Development at nCircle, explains, "If you're prioritizing bulletins today, it's pretty simple: Excel (MS11-072) comes first, followed by the rest. Some of the more interesting patches (SharePoint and WINS) only apply to certain software configurations."
Talbot also stresses, though, "Despite the number of patches Microsoft issued today, it's important to not let the out of band advisory Microsoft updated last week slip through the cracks. The advisory essentially revokes Microsoft's trust of various DigiNotar certificates."
Andrew Storms, Director of Security Operations for nCircle, concurs on the urgency of the DigiNotar trust revocation. "Microsoft continues its effort to be vigilant about the DigiNotar certificates and is releasing another DigiNotar update. This time it is 'nuking' more certificates related to DigiNotar, specifically ones that were cross-signed by other certificate authorities. Anything and everything associated with DigiNotar is getting purged."
Symantec's Talbot urges, "This update should probably be kept at the top of IT admins' to-do lists--even before any of today's patches--as there are attacks occurring in the wild leveraging the compromised certificates."
The Microsoft Patch Tuesday is overshadowed to some extent by Adobe's security patch release.
Storms cautions, "In what might be a first-time event, Adobe released a batch of 13 CVEs early this morning before the Microsoft patch. It's definitely an improvement over their previous late afternoon releases, but it's still a 'classic' Adobe patch in that we have very little information about the bugs being fixed in the patch. The bad news is that most of them could result in the worst kind of security outcome--remote code execution."
Make sure you check out the patches released by Microsoft and Adobe today and apply the appropriate updates to protect your systems.