Barney's Blog

Blog archive

Patch Tuesday Cracks Open a Sixer

Coat your stomach because tomorrow you'll be expected to digest a six pack of patches. Four of these will be the potent "critical" variety (which are always a bit tough to swallow), while the other two are a bit of the smoother "important" blend.

If this sounds familiar, it's because you also poured down a sixer last month. We're not sure if this is a coincidence, or if the wild swings in the number of patches are over. My guess? A coincidence.

So what are we looking at? As usual, remote code execution (RCE) is the big bugaboo (at first I wrote bug bigaboo but Word, as usual, knew better). Critical RCE vulnerabilities impact IE, .NET, Office, SQL Server and Windows. Somehow Flight Simulator came out unscathed.

On the important flaw side, there is another RCE flaw for Office and an "information disclosure flaw" in Forefront United Access Gateway. I love it when security products get patched. It seems ironic -- but heck, it's just software.

Jeff Schwartz, Redmond's executive editor,  just wrapped up a look at the Trustworthy Computing initiative, now ten years old. To my mind, one of the biggest security successes is Patch Tuesday, an open and regular approach to fixing flaws in Microsoft's growing software family.

I'm a big fan of Patch Tuesday. Tell me where I'm right or wrong at [email protected]

Posted by Doug Barney on 04/09/2012 at 1:19 PM


Featured

  • Microsoft Starting To Roll Out New Excel Connected Data Types

    Microsoft on Thursday announced some Excel and Power BI enhancements that add "connected data types" on top of the standard strings and numbers options.

  • Windows 10 Users Getting New Process for Finding Optional Driver Updates

    Accessing Windows 10 drivers classified as "optional updates" will be more of a manual seek-and-install type of experience, starting on Nov. 5, 2020, Microsoft explained in a Wednesday announcement.

  • Microsoft Changes Privacy Platform Name to SmartNoise

    Microsoft Research has changed the name of its "differential privacy" platform from "WhiteNoise" to "SmartNoise," according to a Wednesday announcement.

  • Why Restarting a Failed SCVMM Job Might Be a Bad Idea

    Occasionally, restarting a failed System Center Virtual Machine Manager job can leave your virtualization infrastructure in an unknown state. Here's how to avoid that.

comments powered by Disqus