Thursday 16 June 2016

June Patch Tuesday delivers five critical updates and (hopefully) the end of QuickTime

A few months ago, we saw the end of Oracle JAVA Plugin support, and now we see the end of QuickTime with the call to remove it from your systems. If only we could get rid of Adobe Flash. For this June Patch Tuesday, we won’t see an update to Adobe Flash from Microsoft, but we may see an update from Adobe later this month. With 16 updates for June, we already have enough to worry about. Microsoft has released five critical updates and the remaining 11 patches are rated as important, covering a total of 44 vulnerabilities. This month looks like a pretty straightforward update cycle, with some very targeted updates from Microsoft which should have a low to moderate risk for deployment.

You can also read about Patch Tuesday from Chris Goettl's blog found here. Chris also produces a great infographic each month that summarises Patch Tuesday and is definitely worth a look.

You can read more about this Patch Tuesday on the Computer World column found here.

Wednesday 8 June 2016

Critical updates for IE, Edge and Flash for this May Patch Tuesday

Historically, May has been a big month for Microsoft updates. This May, we see 16 updates, covering all versions of Windows, IE and Edge as well as an update for Adobe Flash player.

With eight updates rated as critical and the remaining patches rated as important, Microsoft seems to have adopted a new clustering approach to patches. We have seen pairings of IE and Edge in the past, but this month we see core components (VBscript and JScript) linked with browser updates. In addition, we also have kernel updates linked to kernel mode driver updates (MS16-060 and MS16-061). We are also missing MS16-063! And, this month we also get the benefit of a nice looking infographic from Shavlik.

You can read more about this ComputerWorld article here.

Critical updates for IE, Edge and Adobe Flash for April Patch Tuesday

This April, Microsoft has released another large batch of Windows updates with six rated as critical and the remaining seven rated as important.

Although there has been a large amount of hype relating to the latest security scare (BadLock), the real issue this month is the Adobe Player vulnerability addressed in MS16-050. Both Microsoft browsers require urgent updates due to more memory corruption issues (MS16-037 and MS16-038). I am not quite sure that Microsoft does this deliberately, but it seems that every month, the second to last update rated as important could be considered a little “worrisome.” This month it's MS16-048, which updates a key Windows system (that handles logins) and may require some additional testing before production deployments.

Here’s the link to Shavlik’s helpful Patch Tuesday infographic that outlines the risks and exploitability of all these patches.

You can read more about this ComputerWorld article here.  

Five critical updates for March Patch Tuesday

Following Microsoft’s recent practice of issuing large updates covering multiple versions of Microsoft IE, Office as well as both desktop and server OS platforms, the 13 updates for March probably represent the new “average” Patch Tuesday payload. Five of the updates are rated as critical, while the remaining eight are rated as important, together covering 44 newly reported security vulnerabilities. In addition to these Microsoft patches, I expect that we will see an update to Adobe’s Flash player.

If you are looking for a helpful infographic for this month’s patch cycle, check out Shavlik’s latest offering here.

You can read more about this ComputerWorld article here.  

February brings Patch Updates to IE and Flash

This month Microsoft returns to form with 13 patches, with six rated as critical and the remaining seven rated as important. You’ll notice that MS16-010 is missing -- that’s because it was released last month on January 12th, with the standard January update cycle.

As always, I recommend a reboot after installing these updates, even if not explicitly required by Microsoft. In addition, some attention may be required on MS16-022 (the update to Adobe Flash Player) and the two kernel mode updates MS16-016 and MS16-018.

Shavlik is now producing a monthly infographic on Patch Tuesday which can be found here.

The Computer World posting can be found here.

Six critical updates for January Patch Tuesday

Microsoft has started the year with a truly unusual Patch Tuesday. There are nine updates for January, with six rated as critical and the remaining three rated as important (the reverse of the usual distribution in terms of severity). January has a couple of additional surprises. First, it looks like MS16-009 did not make this Patch Tuesday release at all and may only surface later this month. Secondly, we see that what has been rated as an important update, MS16-008, may contain the most severe vulnerability and the most risky patch contents.

Thanks to Shavlik this month for their very helpful summary infographic detailing this January Patch Tuesday. 

You can read more here.