Patch Tuesday Cracks Open a Sixer
Coat your stomach because tomorrow you'll be expected to digest a six pack of patches. Four of these will be the potent "critical" variety (which are always a bit tough to swallow), while the other two are a bit of the smoother "important" blend.
If this sounds familiar, it's because you also poured down a sixer last month. We're not sure if this is a coincidence, or if the wild swings in the number of patches are over. My guess? A coincidence.
So what are we looking at? As usual, remote code execution (RCE) is the big bugaboo (at first I wrote bug bigaboo but Word, as usual, knew better). Critical RCE vulnerabilities impact IE, .NET, Office, SQL Server and Windows. Somehow Flight Simulator came out unscathed.
On the important flaw side, there is another RCE flaw for Office and an "information disclosure flaw" in Forefront United Access Gateway. I love it when security products get patched. It seems ironic -- but heck, it's just software.
Jeff Schwartz, Redmond's executive editor, just wrapped up a look at the Trustworthy Computing initiative, now ten years old. To my mind, one of the biggest security successes is Patch Tuesday, an open and regular approach to fixing flaws in Microsoft's growing software family.
I'm a big fan of Patch Tuesday. Tell me where I'm right or wrong at email@example.com.
Posted by Doug Barney on 04/09/2012 at 1:19 PM