Good hackers try to find ways in so the holes can be closed, while bad guys look for flaws so they can steal money, computing power, information and more. As always, it’s important to ensure you’re patched, and it’s important that companies like Microsoft patch as promptly as possible.
The TechNet blog posting of Microsoft’s Advance Notice for July 2012, which the company says is “per its usual cadence”, shows 16 vulnerabilities broken into 9 bulletins, with 3 of those bulletins listed as “critical”, while the other 6 are “important”.
Although Angela Gunn from Microsoft’s Trustworthy Computing division states that the advance notice release is “per our usual cadence”, Andrew Storms, the director of security operations for nCircle, sees it a little differently.
Mr Storms states: “Looks like we are going to get some unanticipated IE fireworks this month.
“Usually, Microsoft patches IE every other month, and we just got a cumulative update in June.
“That's why it's so surprising to see that IE9, the 'most secure' version of IE, will be patched next week. It's pretty safe to say this bulletin will patch something pretty serious”.
Adding to what Mr Storms sees as a July patch surprise is Microsoft’s June 12 security advisory for “core XML services”, with Mr Storms saying there was “no mention of this bug being patched in today's notification”.
He added that “if a bug with an advisory is going to be patched, MSRC will mention it in their advance notification blog post.
“If Microsoft doesn't patch this bug it's going to cause some heartburn for IT security teams. We've already seen reliable reports that the exploit for this bug has been included in several popular attack tool kits,” Mr Storms concludes.
Clearly, patching fast is important, and sometimes companies such as Apple and Microsoft take far too long to release patches, giving the bad guys time and space to move and make an unpatched vulnerability situation a lot worse. But if you’re enjoying the magic of software, the black magic of software vulnerabilities is the elephant in the room that the software magicians still haven’t been able to make disappear.
Happy patching next week!