Shavlik Advanced Commentary for Next Week’s Patch Tuesday

Microsoft just announced their Patch Tuesday Advanced Notification for the April 2010 edition of Patch Tuesday. They are planning on releasing 11 new security bulletins fixing 25 vulnerabilities.

• 5 bulletins are rated Critical
• 5 bulletins are rated Important
• 1 bulletin is rated Moderate
• 8 bulletins fix vulnerabilities that can lead to Remote Code Execution

This month has both client and server systems being patched.

Affected software:

• Windows 2000
• Windows XP (x86 and x64)
• Windows 2003 (x86 and x64)
• Windows Vista (x86 and x64)
• Windows 2008 (x86 and x64)
• Windows 7 (x86 and x64) • Windows 2008 R2
• Publisher XP, 2003, 2007
• Exchange Server 2000, 2003, 2007, 2010

Microsoft has stated two security advisories will be closed on Patch Tuesday. We can assume that two of the operating system patches this month will address VBScript and SMB.

Microsoft Security Advisory (981169)
Microsoft Security Advisory (977544)

It is interesting to note that some of these products that are having patches released are not affected by the vulnerability. Microsoft has added a note to these systems with "Severity ratings do not apply to this update because the vulnerability discussed in this bulletin does not affect this software. However, as a defense-in-depth measure to protect against any possible new vectors identified in the future, Microsoft recommends that customers of this software apply this security update.

Murphy’s law: It is better to be safe than sorry.

Tuesday will also mark the scheduled quarterly update from Adobe for Reader and Acrobat. Adobe released their advanced notification today. Versions 9.3.1 and 8.2.1 will be patched to fix critical security issues. Adobe typically does not state how many or what issues are fixed. We will have to wait until Tuesday to find out. As with any patch Tuesday, keep an eye out for other vendors who join in on this patch release day. (We are looking at you Java 5).

Shavlik

About Shavlik

Shavlik, a global leader in simplifying the complexity of IT management, is dedicated to significantly reducing the time-to-value for IT professionals from months to minutes. Shavlik’s Protect, Configure, SCUPdates and Management Intelligence are some of its on-premise and cloud base solutions that enable customers to manage both physical and virtual machines, deploy software, discover assets, simplify configuration, control power usage and ensure endpoint security. By bringing the sophisticated capabilities enjoyed by large companies to organizations of all sizes and types, Shavlik is driving the democratization of IT.

, ,

No comments yet.

Leave a Reply


*