Barney's Blog

Blog archive

Office Patch Primed and Prepped

It may sounds scary when I tell you the fixes set for next Tuesday plug 23 holes, but you might feel better to learn there are only seven patches.

Even more calming is the news that only three of the fixes will be classified as "critical", while the other four are merely "important".

The high vulnerability-to-patch ratio is not an anomaly. It's been that way for the bulk of this year.

Perhaps the most pressing patch is for a remote code execution (RCE) flaw in Office. And, as usual, RCE leads the charge, accounting for no less than five of the seven bulletins. The last two are fixes for a popular problem: elevation of privilege vulnerabilities.

This is all starting to sound pretty boilerplate, but please don't become complacent. That's just what the hackers want. Unpatched computers are the devil's playground.

By the way, we recently looked at the last 10 years of Trustworthy Computing and concluded that Microsoft has been working plenty hard. Unfortunately, the bad guys are working just as feverishly.

Posted by Doug Barney on 05/04/2012 at 1:19 PM


comments powered by Disqus

Subscribe on YouTube