Microsoft Patch Tuesday: What You Need to Know

There are 6 new Security Bulletins: 3 rated as Critical and 3 as Important. Not all Critical Bulletins are equal, though

Yesterday was Microsoft's Patch Tuesday for the month of November. There are 6 new Security Bulletins this month: 3 rated as Critical and 3 rated as Important. Not all Critical Security Bulletins are created equally though. You need to understand the implications of the flaw being patched and how it applies to your systems to determine how urgent the update is.

With one month left in 2009, Microsoft would have to have a record-breaking month in December to surpass the 78 Security Bulletins released in 2008. So, in that regard you can say its been a better year for Microsoft. It is also worth noting that this month's Security Bulletins do not affect the new Windows 7 operating system.

Some Security Bulletins may be rated Critical by Microsoft, but only impact platforms or applications you don't use so they don't pose much threat to your system. Others may be exploited by worms, or with unauthorized drive-by malicious downloads like Security Bulletin MS09-065.

According to Tyler Reguly, Lead Security Research Engineer with nCircle, says "There's no question that this month, the most important bulletin to patch quickly is MS09-065. Given the drive-by attack vector presented in Internet Explorer, combined with the Office document vector, this bulletin is dangerous and should be patched as soon as possible."

Small and medium businesses are often between a rock and a hard place when it comes to security flaws and updates. They tend to have a more diverse collection of hardware and software than consumers, but they also have to balance patching against business needs and ensure that software updates don't break applications or impact productivity.

Reguly notes "In general with SMBs, operation of the company usually seems to trump security in a big way. It's important that they remember that security is important and apply the more serious patches as quickly as possible, and roll out the remainder as soon as possible."

One issue that plagues small and medium businesses is reliance on legacy software. They don't have the budgets and enterprise licensing agreements that larger enterprises have, so they try to squeeze out every last drop of usability from an operating system or application before investing in upgrades.

"I have seen many SMB's that are still running Microsoft Small Business Server 2000 (SBS). I've seen setups where the SBS is sitting open on the internet-- these entities are affected by both the license logging service and active directory vulnerabilities (MS09-064 and MS09-066) and should probably apply the patches as soon as possible. We can always be hopeful that in 2009 few people are still running SBS 2000 but I'm sure it's still out there" says Reguly.

User education and awareness training are also critical components of mitigating against these threats. Pending the testing and implementation of the necessary patches, SMB's can prevent exploits by making sure that employees know what to avoid and how to exercise some common sense.

Reguly summarized by stating "Many enterprises have implemented training programs, but in the SMB I'm not sure that it's overly common. Ensuring users know to ignore unsolicited attachments and avoid sketchy websites is an important thing for a SMB Sys Admin to convey."

For more real-world tech solutions for small and midsized businesses--including cloud services, virtualization, and complete network overhauls--check out PC World's Tech Audit.

Tony Bradley tweets as @PCSecurityNews, and can be contacted at his Facebook page.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags MicrosoftsecurityPatch Tuesday

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?