Barney's Blog

Blog archive

Light Patch Batch

This month's Patch Tuesday is almost shockingly small with just one "critical" flaw. The flaw is yet another remote code execution (RCE) hole. This time the lure is a Rich Text file that, if opened or just viewed, can give the hacker your user privileges. The good news is it hasn't been exploited yet -- so if you haven't installed the patch you still have time. Experts, however, believe there are those that are working on attacks as we speak, so don't dilly dally too long.

There were also six important bulletins, including more RCE flaws, an elevation of privilege issue, a cross scripting flaw and a denial-of-service problem.

How does Microsoft's very public patching approach compare to other vendors? Answers welcome at dbarney@redmondmag.com.

Posted by Doug Barney on 10/10/2012 at 1:19 PM


comments powered by Disqus

Reader Comments:

Wed, Oct 10, 2012 ibsteve2u Commonwealth of Pennsylvania

I'm with HandyAndy...even using a WSUS server, the patches hit in two waves, and both waves - the latter, apparently become of "changing the minimum encryption length" - both triggering reboots. If you're like me and running multicores such as 980xs so you can run multiple VMs on physicals so you can drive yourself crazy multitasking, 17 to 19 patches times virtual/physical combination ain't "light". "Light" is a beer, not a Microsoft Patch Tuesday.

Wed, Oct 10, 2012 HandyAndy North Carolina

19 patches to most of my desktops and a dozen to most servers is not what I would call a light patch Tuesday.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.