Barney's Blog

Blog archive

Office Patch Primed and Prepped

It may sounds scary when I tell you the fixes set for next Tuesday plug 23 holes, but you might feel better to learn there are only seven patches.

Even more calming is the news that only three of the fixes will be classified as "critical", while the other four are merely "important".

The high vulnerability-to-patch ratio is not an anomaly. It's been that way for the bulk of this year.

Perhaps the most pressing patch is for a remote code execution (RCE) flaw in Office. And, as usual, RCE leads the charge, accounting for no less than five of the seven bulletins. The last two are fixes for a popular problem: elevation of privilege vulnerabilities.

This is all starting to sound pretty boilerplate, but please don't become complacent. That's just what the hackers want. Unpatched computers are the devil's playground.

By the way, we recently looked at the last 10 years of Trustworthy Computing and concluded that Microsoft has been working plenty hard. Unfortunately, the bad guys are working just as feverishly.

Posted by Doug Barney on 05/04/2012 at 1:19 PM


  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus