Security Advisor

Another Light Patch Tuesday: Calm Before the Storm?

Have two small security updates in a row put you in a state of complacency?

When I saw Microsoft's puny patch rollout last month (no "critical" items and only two "important" items), I figured that Microsoft's security team was taking it easy, getting all its summer vacation time out of the way before the company's October launch craziness. And I would have expected that the last Patch Tuesday before Windows 8 descends upon us would be packed to the brim with RCE fixes for Windows, Internet Explorer cumulative security bulletins and hole patches for all products featuring the Microsoft name.

I couldn't have been more wrong.

Microsoft followed up its light offering with yet another small security update -- this time there was one critical bulletin item and six important items.

The lone critical update fixes an RCE flaw in Office that could lead to your system getting jacked if a malicious RTF file is previewed or opened. But, don't act too hastily; the vulnerability hasn't been figured out by attackers yet. So do your due diligence when testing. However, attackers won't be in the dark for too long, so taking your time with testing doesn't mean this can sit on the back burner for a while.

Just because Microsoft didn't want us to feel spoiled with a light workload, this month's patch also comes with two security advisories. The first is for that RSA certificate key length change I've been nagging you about for the past few months. The big news this time around is that downloading the update is no longer optional -- it is now mandatory. If you have automatic updating on, chances are you've already got it.

As for the second advisory, Microsoft found a flaw where its digital certificates were flying out the door without the correct timestamps. Flaw found and fixed. End of story.

What do you expect for November's Patch Tuesday? Are we going to be in for a colossally huge security update? Or will Microsoft, once again, take it easy on us? And what do you think is the over/under on Windows 8 getting a fix so soon after its arrival? Let me know in the comments below.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

