Microsoft Patch Tuesday: What You Need to Know

There are 6 new Security Bulletins: 3 rated as Critical and 3 as Important. Not all Critical Bulletins are equal, though.

Yesterday was Microsoft's Patch Tuesday for the month of November. There are 6 new Security Bulletins this month: 3 rated as Critical and 3 rated as Important. Not all Critical Security Bulletins are created equal, though. To determine how urgent an update is, you need to understand the implications of the flaw being patched and how it applies to your systems.

With one month left in 2009, Microsoft would have to have a record-breaking month in December to surpass the 78 Security Bulletins released in 2008. So, in that regard, you can say it's been a better year for Microsoft. It is also worth noting that this month's Security Bulletins do not affect the new Windows 7 operating system.

Some Security Bulletins may be rated Critical by Microsoft but only impact platforms or applications you don't use, so they don't pose much threat to your system. Others may be exploited by worms or through unauthorized drive-by malicious downloads, as with Security Bulletin MS09-065.

Tyler Reguly, Lead Security Research Engineer with nCircle, says, "There's no question that this month, the most important bulletin to patch quickly is MS09-065. Given the drive-by attack vector presented in Internet Explorer, combined with the Office document vector, this bulletin is dangerous and should be patched as soon as possible."

Small and medium businesses are often between a rock and a hard place when it comes to security flaws and updates. They tend to have a more diverse collection of hardware and software than consumers, but they also have to balance patching against business needs and ensure that software updates don't break applications or impact productivity.

Reguly notes, "In general with SMBs, operation of the company usually seems to trump security in a big way. It's important that they remember that security is important and apply the more serious patches as quickly as possible, and roll out the remainder as soon as possible."

One issue that plagues small and medium businesses is reliance on legacy software. They don't have the budgets and enterprise licensing agreements that larger enterprises have, so they try to squeeze out every last drop of usability from an operating system or application before investing in upgrades.

"I have seen many SMBs that are still running Microsoft Small Business Server 2000 (SBS). I've seen setups where the SBS is sitting open on the internet -- these entities are affected by both the license logging service and active directory vulnerabilities (MS09-064 and MS09-066) and should probably apply the patches as soon as possible. We can always be hopeful that in 2009 few people are still running SBS 2000 but I'm sure it's still out there," says Reguly.

User education and awareness training are also critical components of mitigating these threats. Pending the testing and implementation of the necessary patches, SMBs can prevent exploits by making sure that employees know what to avoid and how to exercise some common sense.

Reguly summarized by stating "Many enterprises have implemented training programs, but in the SMB I'm not sure that it's overly common. Ensuring users know to ignore unsolicited attachments and avoid sketchy websites is an important thing for a SMB Sys Admin to convey."


Tony Bradley tweets as @PCSecurityNews, and can be contacted at his Facebook page.


Tony Bradley

PC World (US online)