Patch Tuesday: Microsoft to release 6 patches, 1 critical
Microsoft, Patch Tuesday for March: A continued drop in critical security bulletins has the security community overlooking a rise in total patches issued this year.
Microsoft announced today that next week's Patch Tuesday will be the lightest of 2012, with six security bulletins and just one rated critical.
The critical patch will pertain to all Windows customers as it addresses a vulnerability that affects the entire family of the operating system, up to and including Windows 7.
Four of the patches address vulnerabilities in Windows, including the critical patch for a remote code execution vulnerability and the moderate patch for a denial-of-service exploit. The remaining two patches, both rated important, target an elevation of privilege vulnerability in Visual Studio and a remote code execution in Expression Design, respectively.
With six patches this month, Microsoft's total for the year will reach 22, up from the 17 bulletins issued through March of 2011. The total for the month also exceeded that of last year, when Microsoft issued just three bulletins.
The year-over-year increase comes just one month after Microsoft was able to reduce its total number of bulletins issued in February from 12 in 2011 to nine this year. And while the year is still young, Microsoft is in danger of surpassing the 100 bulletins issued in all of 2011.
However, Lumension security and forensic analyst Paul Henry says those numbers are a poor representation of Microsoft's progress with security. Citing recent improvements, as well as the novelty that its Internet Explorer web browser went "at least somewhat spared" during the Pwn2Own conference at which Google Chrome took a beating, Henry says the main point to focus on is the decrease in severity of vulnerabilities.
"I think they're doing a better job. They've got the processes in place to better manage their software development in line with security," Henry says. "They really have put a great deal of effort into this, and if you look at the longer-term trend, I think they're really starting to bear some fruit from it."
Both the security community and IT support professionals will welcome an increase in total patches issued if it means the number of critical patches remains low, Henry says.
"Part of the reason for that is that Microsoft, having cleared a large number of critical issues, is now focusing a lot of its attention on moderate and important issues and is just trying to clean things up," Henry says. "So the number of bulletins won't actually go down, but the critical bulletins absolutely will."
Just 32 of the 100 patches Microsoft issued throughout 2011 were deemed critical, the lowest rate since the Patch Tuesday routine launched in 2004. So far this year, Microsoft has issued six critical vulnerabilities, putting it on pace to reduce that rate by 25%.
Colin Neagle covers Microsoft security and network management for Network World. Keep up with his blog: Rated Critical, follow him on Twitter: @ntwrkwrldneagle. Colin's email is cneagle@nww.com.