Record patch Tuesday: What you need to know

Microsoft is putting out 17 security bulletins, and IT admins have little time to apply the patches before the holidays

Today is the final Microsoft Patch Tuesday for 2010. It has been a busy year for Microsoft when it comes to security bulletins, and December is no exception as Microsoft closes out the year with a record 17 security bulletins. With only a week or so until many IT admins plan to kiss 2010 goodbye and break for the holidays, it is important to understand and prioritize the latest patches for quick implementation.

Joshua Talbot, security intelligence manager for Symantec Security Response breaks down the 2010 milestones for Microsoft. "Seventeen bulletins are the most ever issued in a single month. Also, Microsoft has now released 106 security bulletins in 2010--the first time topping the century mark since the Patch Tuesday program began. The next closest was 78 in 2006 and 2008. Finally, by Symantec's count Microsoft far surpassed the number of vulnerabilities patched in a single year with 261. The previous record was 170 set last year."

Depending on your perspective, 2010 either proves just how flawed and vulnerable Microsoft software is, or it illustrates how successful Microsoft has been at identifying and resolving vulnerabilities. I tend to side with the perspective that the software itself is not any more flawed than previous years--in fact possibly less--but that Microsoft has become more agile at addressing vulnerabilities as they are discovered.

A Microsoft spokesperson sent along some guidance. "Microsoft encourages customers to test and deploy all updates as soon as possible to help prevent criminal attacks on their computers."

Microsoft provides the Severity and Exploitability Index, as well as a Deployment Priority guide to help IT admins asses the risk and prioritize the updates. As a part of that guidance, Microsoft stresses that the two Critical security bulletins--MS10-090, the security bulletin addressing Internet Explorer vulnerabilities, and MS10-091, the security bulletin related to flaws in the Windows operating system--be given priority attention.

Andrew Storms, Director of Security Operations for nCircle, agrees with the urgency for the IE update. "The most important bug this month is clearly the IE update that includes a fix for the outstanding zero-day bug discovered in early November. With more and more people shopping online this time of year, it's important for everyone to patch their browsers."

"Many of the patches are deemed as "important," and a very low amount marked as "critical" vulnerabilities," said Dave Marcus, director of security research and communications at McAfee Labs. "It seems the majority of Patch Tuesday's are bringing record numbers of updates, and other applications from Adobe, Oracle have increasing numbers as well. The threat landscape is clearly broadening, and if organizations wait to patch, it gives cybercriminals an opportunity to exploit data."

A spokesperson for Webroot e-mailed me to stress that IT admins go the extra mile to test and implement patches as quickly as possible before taking off for the holidays. "People should apply the patches as soon as they can to remain fully protected against malware. It doesn't take exploit kit creators long to build new exploits once patches have been released, so getting the fixes applied before new exploits hit the net is going to be a race against time."

Webroot also points out that most of the patches require a reboot to complete, and that systems that update while users are away over the holidays could be at risk of losing data in open files on the desktop. Webroot suggests, "People might want to either fully power down a work PC if you're going to be away from the office or at least save all your work and close any open apps so you don't lose anything when Windows Update tries to force the PC to reboot during the patch installation."

Tags network securityfirewallssecurityMicrosoftpatches & drivers

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest News Articles

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?