News

Microsoft's September Security Bulletin Will Lack 'Critical' Fixes

This looks to be a lighter patch month, with no "critical" items making it into in September's Microsoft Security Bulletin.

To that end, the five items on this month's slate are all labeled "important."

Windows, Microsoft Office and Microsoft Server and related components are among the programs that will be touched this month. Three of these items are remote code execution considerations and the remaining will relate to elevation-of-privilege risks in the functionality of applicable products and services.

All items may require restarts.

"It's easy for organizations to gain a false sense of security during a light patch month and sometimes an attitude of complacency towards non-critical vulnerabilities is evident" said Marcus Carey, security researcher from Rapid7, speaking on this month's light offering. "But while there are no 'critical' bulletins this month, organizations should not downplay the vulnerabilities being addressed. I know of organizations that have 30-day patch requirements for 'critical' -- which is too long in my opinion -- and up to three months to patch 'important' and below."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Industrial Control System Honeypot Illustrates Bad Security Practices

    Security solutions provider Trend Micro has published results (PDF) from running an industrial control system (ICS) "honeypot."

  • Ransomware: What It Means for Your Database Servers

    Ransomware affects databases in very specific ways. Joey describes the mechanics of a SQL Server ransomware attack, what DBAs can do to protect their systems, and what security measures they should be advocating for.

  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.