Shavlik Statement on Today’s Patch Tuesday Releases

Microsoft has released 4 new security bulletins in the July 2010 edition of patch Tuesday. These bulletins address 5 vulnerabilities. It is not uncommon, and has become expected, for a light patch Tuesday to follow a heavy patch Tuesday release from Microsoft. Last month, Microsoft released a hefty load of patches with 10 security bulletins addressing 34 vulnerabilities.

The security bulletin that administrators should address first on their machines is MS10-042. This security bulletin addresses a currently exploited vulnerability in the wild affecting the Windows Help system. Earlier this month, this vulnerability and exploit code was released by a security researcher prompting Microsoft to release Security Advisory 2219475. For any zero day exploit, administrators should deploy the patch as soon as possible.

  - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -  
Advantages of Managed Security Services
- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -

A second Security Advisory, 2028859, is being closed out with the release of Security Bulletin MS10-043. There are no current exploits being reported from Microsoft against this vulnerability although the vulnerability was publicly disclosed. The last two bulletins affect Microsoft Office programs and each can lead to remote code execution on an affected machine.

This may seem like a light patch month in the amount of effort required by administrators to protect their networks, but all administrators could have quite a work load as Windows 2000 and Windows XP SP2 have officially reached end of life support. These operating systems will no longer be supported after today’s patch Tuesday. Microsoft will not be supplying new Security Bulletins for these operating systems going forward. It is important for administrators to use this light patch month to identify these systems on their network and upgrade the machines to a supported operating system or service pack level. Unlike patching, deploying new operating systems or service packs can be quite an undertaking as it requires plenty of time and effort.

Shavlik

About Shavlik

Shavlik, a global leader in simplifying the complexity of IT management, is dedicated to significantly reducing the time-to-value for IT professionals from months to minutes. Shavlik’s Protect, Configure, SCUPdates and Management Intelligence are some of its on-premise and cloud base solutions that enable customers to manage both physical and virtual machines, deploy software, discover assets, simplify configuration, control power usage and ensure endpoint security. By bringing the sophisticated capabilities enjoyed by large companies to organizations of all sizes and types, Shavlik is driving the democratization of IT.

, ,

No comments yet.

Leave a Reply


*