Welcome to Microsoft Patch Tuesday

Stan Beer
Tuesday, 11 October 2005 11:00

Business IT - Security

Today, 11 October 2005, is the second Tuesday of the month, the day Microsoft has earmarked to tell us about the vulnerabilities in its software that need to be addressed, and this month there are quite a few.

Today,  Microsoft is planning to release:

• Eight Microsoft security bulletins affecting Microsoft Windows. The highest maximum severity rating for these is Critical. Some of these updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA) and the Enterprise Scanning Tool (EST).
 
• One Microsoft security bulletin affecting Microsoft Windows and Microsoft Exchange. The highest Maximum Severity rating for this is Important. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

Neal Gemassmer, Vice President Asia Pacific, of patch management software vendor, PatchLink, says of the Microsoft announcement:

“With another Patch Tuesday just around the corner, it is extremely important that system administrators remember that the hacker community thrives on information about un-patched vulnerabilities. While it is true that the exploit clock normally starts ticking after the general patch announcement, there are sites on the web that track known unpatched vulnerabilities in vendor products, and how long those patches have been available.
 
“Clearly IT administrators shouldn’t waste any time in testing and deploying patches for October.  PatchLink recommends that customers take a best practices-based approach to patch management because deploying patches without due diligence and attention, or with inadequate tools has shown to be a flawed strategy at major corporations around the world.”
 
Isn't it comforting to know that the software running on 90% of desktops around the world has spawned an entire industry devoted to managing fixes and plugging its security holes?