Friday, February 12, 2010
Microsoft Warns of Record Patch Tuesday
January was an exceptionally light month for Microsoft security bulletins, with only one released on schedule on Patch Tuesday. However, revelations about an Internet Explorer zero-day exploit being used to launch attacks against Google and other companies in China led Microsoft to also issue an out-of-band update addressing the vulnerability in the Web browser.
Tyler Reguly, senior security engineer for nCircle, expressed some "sticker shock." "As an information security professional, the first word that comes to mind when I see this advanced notice is 'yikes!' nCircle VERT works all night to deliver local and remote detection to customers and this many bulletins means a long night requiring plenty of caffeine."
Reguly added, "I'm most intrigued by bulletin number nine in the advanced notification. I'm curious to know what issue it is that plagues only Server 2008 and Server 2008 R2 in x64 configurations."
Jerry Bryant, senior security communications manager for Microsoft, described the upcoming Patch Tuesday in a blog post. "This month, we will be releasing 13 bulletins--five rated Critical, seven rated Important, and one rated Moderate--addressing 26 vulnerabilities. Eleven of the bulletins affect Windows and the remaining two affect Office."
Bryant's blog post also contains a grid laying out Microsoft's guidance for urgency of deployment based on platform. Windows 2000 and Windows XP, the oldest operating systems tracked on the grid, are impacted the most by security issues rated as Critical.
Microsoft is scheduled to end all support for Windows 2000 and for Windows XP SP2 effective July 13, 2010. Bryant says, "We encourage customers to upgrade to the latest versions of both Windows and Office. As this bulletin release shows, the latest versions are less impacted overall due to the improved security protections built in to these products."
Businesses still on Windows 2000 will be forced to upgrade to some other version of Windows, move to an alternate operating system, or simply continue to rely on the archaic platform with the knowledge that Microsoft will no longer support or update it. pcworld