Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Microsoft patches - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft patches

 Many of you would have seen the advance notification from Microsoft regarding the patches to be released on Black Tuesday.  There will be 17 bulletins 2 critical, 14 important and one moderate. Keep an eye on the diary for the day as we'll be doing our usual table with in this case likely some "adjustments" on the criticality from our perspective.  In the list are some remote code executions, elevation of privileges an a couple of denial of service attacks for good measure.  the advanced notification is here http://www.microsoft.com/technet/security/Bulletin/MS10-dec.mspx . The details of what will be released may still change of course. How these patches affect corporations will be interesting as many companies have change freezes in place this time of the year, including the application of patches.  so it is likely that the window of opportunity to attack these vulnerabilities is longer than usual.  So if you are not going to patch make sure that you have a look at them anyway, determine if you are vulnerable, and maybe what you can do to detect them. 

Those of you running office 2008 on a Mac would have noticed that a patch is being pushed out with next weeks date on it. This was the patch that wasn't ready last month when 2011 was patched. AS for next week's date? Likely it was released a little bit earlier than planned, maybe to avoid black Tuesday.

 Mark H

Mark

391 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!