It’s Patch Tuesday time again. This month Microsoft has unleashed nine new security bulletins. Nine is a reasonably high number of updates, however, only two of them are rated as Critical. So, it’s actually a little more laid back than most months, but there’s still cause for concern.
There are seven security bulletins rated as Important, which affect a range of platforms and services including Active Directory, the Windows antimalware client, and the Windows Kernel. The two Critical security bulletins apply to Internet Explorer and Remote Desktop. Be prepared—most of the patches require a reboot.
Wolfgang Kandek, CTO of Qualys, suggests that IT admins focus on Internet Explorer first. “This month, the most important bulletin to apply to your infrastructure is MS13-028, which contains a new release of Internet Explorer (IE) covering all versions of the browser starting with IE6 going to IE10, and also including Windows RT, the operating system for mobile devices and tablets.”
Andrew Storms, director of security operations for nCircle (a Tripwire company), agrees that Internet Explorer deserves attention, but adds that Internet Explorer lacks its usual “patch immediately” urgency. Microsoft has assigned the underlying IE flaws with an exploit index rating of two, which indicates that Microsoft believes they are exceptionally difficult to exploit, and there’s not likely to be a successful exploit in the next 30 days.
To read this article in full or to leave a comment, please click here
Categories: General.