• United States



A Patch Tuesday preview

Sep 08, 20112 mins
Data and Information Security

Microsoft plans to release five “important” security updates Tuesday, Sept. 13. Amol Sarwate, vulnerability labs manager at Qualys, took a glance and dropped me this note:

This is the first patch Tuesday in recent times that does not have a single critical update. It is also a relatively small update and is consistent to the cycle of smaller patches every other month.

Top priority should be given to remote code execution Microsoft Office patches that affect Excel 2003 through Excel 2010 and Office 2003 through Office 2010. Another high priority is the Windows patch that fixes a remote code execution flaw in Windows XP, Windows Vista, Windows 7, Windows 2003 and Windows 2008.

Other patches can be evaluated at a relatively lower urgency because attackers already need lower privilege access to the target system to execute the exploit. This includes the Windows 2003/2008 and SharePoint Server 2007 security update.

We expect a smooth deployment of these patches by IT departments who are already used to the Microsoft Patch Tuesday cycles.

Though there are no critical bulletins expected, it’s worth pointing out that one company’s low-priority flaw could be someone else’s critical flaw.

CSO will bring you the full patch breakdown as soon as they come out Tuesday.

–Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO’s Daily Dashboard gives you a