November may be a lighter patch Tuesday than the last, but there’s still plenty to keep IT managers on their toes.
This month’s patch load may be lighter than last, but it’s still a taxing month for Microsoft as it clamours to address vulnerabilities in Microsoft Office and Microsoft Forefront Unified Access Gateway. The three patches address eleven holes which might seem like a breeze compared to the 16 last month. The ‘critical’ bulletin addressing four vulnerabilities leaves users exposed to remote code execution attacks, meaning it’s vital that IT administrators make this patch a top priority.
A couple of other points to note about this patch are that it addresses a publically disclosed critical vulnerability in Office 2007 and Office 2010 known as “DLL Preloading and “Binary Planting.” (CVE-2010-3337)
The patch also addresses an Outlook vulnerability that could allow remote code execution by viewing an RTF file within the preview pane. This vulnerability, rated as “Important” for Office XP and Office 2003, is significant because it bucks the recent trend of critical vulnerabilities appearing in older versions of Microsoft products, while newer releases remain in the clear.
Despite an expected tidal wave of on-line Christmas shoppers, no patch was made available for the vulnerability discovered recently which exposes users of Internet Explorer versions 6, 7, and 8 to ‘drive-by’ hacks. Although Microsoft has issued advice to help mitigate this threat in the interim until a patch is made available, workarounds are not typically implemented by the majority of users themselves.
So IT teams won’t be left resting on their laurels this month as it will undoubtedly fall to them to review the suggested workaround and ensure that users are protected as best as they can be, until the risk is resolved.
After the record-breaking batch of patches released last month by Microsoft, some IT managers might be breathing a sigh of relief. However, with significant patches from Adobe, Mozilla and Linux all being released, they may want to hold off from putting their feet up just yet.