It may sounds scary when I tell you the fixes set for next Tuesday plug 23 holes, but you might feel better to learn there are only seven patches.
Even more calming is the news that only three of the fixes will be classified as "critical", while the other four are merely "important".
The high vulnerability-to-patch ratio is not an anomaly. It's been that way for the bulk of this year.
Perhaps the most pressing patch is for a remote code execution (RCE) flaw in Office. And, as usual, RCE leads the charge, accounting for no less than five of the seven bulletins. The last two are fixes for a popular problem: elevation of privilege vulnerabilities.
This is all starting to sound pretty boilerplate, but please don't become complacent. That's just what the hackers want. Unpatched computers are the devil's playground.
By the way, we recently looked at the last 10 years of Trustworthy Computing and concluded that Microsoft has been working plenty hard. Unfortunately, the bad guys are working just as feverishly.
Posted by Doug Barney on 05/04/2012 at 1:19 PM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week announced the release of a publicly available and free post-incident hunting tool for organizations using Microsoft Azure, Azure Active Directory and Microsoft 365 applications.
Microsoft this week reminded organizations using Microsoft Teams Rooms devices of a coming July 1 deadline to get their licenses compliant with its relatively new Basic and Pro plans.
Simplified labeling and documentation are key to avoiding a management mess.
Microsoft this week announced a preview of custom claims providers for Azure Active Directory users.
Microsoft this week announced plans to shift the schedule for when it releases its optional nonsecurity patch previews for Windows systems.
More Tech Library