Lighter Patch Tuesday Will Still Keep IT On Their Toes

November may be a lighter patch Tuesday than the last, but there’s still plenty to keep IT managers on their toes.

This month’s patch load may be lighter than last, but it’s still a taxing month for Microsoft as it scrambles to address vulnerabilities in Microsoft Office and Microsoft Forefront Unified Access Gateway. The three patches address eleven holes, which might seem like a breeze compared to the 16 last month. The ‘critical’ bulletin addresses four vulnerabilities that leave users exposed to remote code execution attacks, meaning it’s vital that IT administrators make this patch a top priority.

A couple of other points are worth noting about this patch. It addresses a publicly disclosed critical vulnerability in Office 2007 and Office 2010 known as “DLL Preloading” and “Binary Planting” (CVE-2010-3337).

The patch also addresses an Outlook vulnerability that could allow remote code execution when an RTF file is viewed within the preview pane. This vulnerability, rated as “Important” for Office XP and Office 2003, is significant because it bucks the recent trend of critical vulnerabilities appearing in older versions of Microsoft products, while newer releases remain in the clear.

Despite an expected tidal wave of on-line Christmas shoppers, no patch was made available for the vulnerability discovered recently which exposes users of Internet Explorer versions 6, 7, and 8 to ‘drive-by’ hacks. Although Microsoft has issued advice to help mitigate this threat in the interim until a patch is made available, workarounds are not typically implemented by the majority of users themselves.

So IT teams won’t be left resting on their laurels this month as it will undoubtedly fall to them to review the suggested workaround and ensure that users are protected as best as they can be, until the risk is resolved.

After the record-breaking batch of patches released last month by Microsoft, some IT managers might be breathing a sigh of relief. However, with significant patches from Adobe, Mozilla and Linux all being released, they may want to hold off from putting their feet up just yet.


Alan Bentley is Senior Vice President of International Sales at Lumension Security. In this role, he is responsible for overseeing and driving sales and marketing efforts in Asia Pacific and EMEA. An industry veteran with over 10 years’ experience in the IT security industry, Alan is responsible for leading teams in EMEA and APAC, elevating brand awareness and thought leadership, and increasing market penetration to drive growth in the respective markets. Prior to Lumension, Alan held executive management roles in security organisations based across the UK, including Global Secure Systems and Ellipse Distribution. Prior to entering the security industry, Alan held sales roles for MAN Roland, a German-based company in the printing industry, and Hanson, a UK company in the construction industry. Alan holds a degree from Brunel University with a BA (Hons) in European Business Studies. He also completed his PGCE at Roehampton Institute.