Barney's Blog

Blog archive

Patch Tuesday Cracks Open a Sixer

Coat your stomach because tomorrow you'll be expected to digest a six pack of patches. Four of these will be the potent "critical" variety (which are always a bit tough to swallow), while the other two are a bit of the smoother "important" blend.

If this sounds familiar, it's because you also poured down a sixer last month. We're not sure if this is a coincidence, or if the wild swings in the number of patches are over. My guess? A coincidence.

So what are we looking at? As usual, remote code execution (RCE) is the big bugaboo (at first I wrote bug bigaboo but Word, as usual, knew better). Critical RCE vulnerabilities impact IE, .NET, Office, SQL Server and Windows. Somehow Flight Simulator came out unscathed.

On the important flaw side, there is another RCE flaw for Office and an "information disclosure flaw" in Forefront United Access Gateway. I love it when security products get patched. It seems ironic -- but heck, it's just software.

Jeff Schwartz, Redmond's executive editor,  just wrapped up a look at the Trustworthy Computing initiative, now ten years old. To my mind, one of the biggest security successes is Patch Tuesday, an open and regular approach to fixing flaws in Microsoft's growing software family.

I'm a big fan of Patch Tuesday. Tell me where I'm right or wrong at dbarney@redmondmag.com.

Posted by Doug Barney on 04/09/2012 at 1:19 PM


Featured

  • Azure Active Directory ID Protection 'Refresh' Now Available

    Microsoft's enhancements to the Azure Active Directory Identity Protection service are now said to be "generally available" (GA), or ready for commercial use, per a Wednesday announcement.

  • Microsoft Releases Windows 10 Version 1909

    Microsoft on Tuesday announced the release of Windows 10 version 1909, a new operating system product that's also known as the "Windows 10 November 2019 Update."

  • November Microsoft Security Bundle Addresses 75 Vulnerabilities

    Of that number, 13 vulnerabilities are rated "Critical" to patch, while 62 vulnerabilities are deemed "Important."

  • The Future of Office 365 Pricing

    With a raft of new Office 365 features in the pipeline, Microsoft also seems ready to change the way it bills its subscribers. Will it replicate Azure's pay-per-use model, or will it look like something else entirely?

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.