Barney's Blog

Blog archive

Patch Tuesday Cracks Open a Sixer

Coat your stomach because tomorrow you'll be expected to digest a six pack of patches. Four of these will be the potent "critical" variety (which are always a bit tough to swallow), while the other two are a bit of the smoother "important" blend.

If this sounds familiar, it's because you also poured down a sixer last month. We're not sure if this is a coincidence, or if the wild swings in the number of patches are over. My guess? A coincidence.

So what are we looking at? As usual, remote code execution (RCE) is the big bugaboo (at first I wrote bug bigaboo but Word, as usual, knew better). Critical RCE vulnerabilities impact IE, .NET, Office, SQL Server and Windows. Somehow Flight Simulator came out unscathed.

On the important flaw side, there is another RCE flaw for Office and an "information disclosure flaw" in Forefront United Access Gateway. I love it when security products get patched. It seems ironic -- but heck, it's just software.

Jeff Schwartz, Redmond's executive editor,  just wrapped up a look at the Trustworthy Computing initiative, now ten years old. To my mind, one of the biggest security successes is Patch Tuesday, an open and regular approach to fixing flaws in Microsoft's growing software family.

I'm a big fan of Patch Tuesday. Tell me where I'm right or wrong at dbarney@redmondmag.com.

Posted by Doug Barney on 04/09/2012 at 1:19 PM


Featured

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

  • Qualcomm Back in Datacenter Fray with AI Chip

    The chip maker joins a crowded field of vendors that are designing silicon for processing AI inference workloads in the datacenter.

  • Microsoft To Ship Surface Hub 2S Conference Device in June

    Microsoft on Wednesday announced a June U.S. ship date for one of its Surface Hub 2S conferencing room products, plus a couple of other product milestones.

  • Kaspersky Lab Nabs Another Windows Zero-Day

    Kaspersky Lab this week described more about a zero-day Windows vulnerability (CVE-2019-0859) that its researchers recently discovered, and how PowerShell was used by the exploit.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.