Microsoft Patch Tuesday: What You Need to Know

There are 6 new Security Bulletins: 3 rated as Critical and 3 as Important. Not all Critical Bulletins are equal, though.

Yesterday was Microsoft's Patch Tuesday for the month of November. There are 6 new Security Bulletins this month: 3 rated as Critical and 3 rated as Important. Not all Critical Security Bulletins are created equal, though. You need to understand the implications of the flaw being patched and how it applies to your systems to determine how urgent the update is.

With one month left in 2009, Microsoft would have to have a record-breaking month in December to surpass the 78 Security Bulletins released in 2008. So, in that regard, you can say it's been a better year for Microsoft. It is also worth noting that this month's Security Bulletins do not affect the new Windows 7 operating system.

Some Security Bulletins may be rated Critical by Microsoft but affect only platforms or applications you don't use, so they don't pose much threat to your system. Others may be exploited by worms, or through unauthorized drive-by malicious downloads, as with Security Bulletin MS09-065.

Tyler Reguly, Lead Security Research Engineer with nCircle, says, "There's no question that this month, the most important bulletin to patch quickly is MS09-065. Given the drive-by attack vector presented in Internet Explorer, combined with the Office document vector, this bulletin is dangerous and should be patched as soon as possible."

Small and medium businesses are often between a rock and a hard place when it comes to security flaws and updates. They tend to have a more diverse collection of hardware and software than consumers, but they also have to balance patching against business needs and ensure that software updates don't break applications or impact productivity.

Reguly notes, "In general with SMBs, operation of the company usually seems to trump security in a big way. It's important that they remember that security is important and apply the more serious patches as quickly as possible, and roll out the remainder as soon as possible."

One issue that plagues small and medium businesses is reliance on legacy software. They don't have the budgets and enterprise licensing agreements that larger enterprises have, so they try to squeeze out every last drop of usability from an operating system or application before investing in upgrades.

"I have seen many SMBs that are still running Microsoft Small Business Server 2000 (SBS). I've seen setups where the SBS is sitting open on the internet -- these entities are affected by both the license logging service and Active Directory vulnerabilities (MS09-064 and MS09-066) and should probably apply the patches as soon as possible. We can always be hopeful that in 2009 few people are still running SBS 2000, but I'm sure it's still out there," says Reguly.

User education and awareness training are also critical components of mitigating these threats. Pending the testing and implementation of the necessary patches, SMBs can prevent exploits by making sure that employees know what to avoid and how to exercise some common sense.

Reguly summarized by stating, "Many enterprises have implemented training programs, but in the SMB I'm not sure that it's overly common. Ensuring users know to ignore unsolicited attachments and avoid sketchy websites is an important thing for a SMB Sys Admin to convey."


Tony Bradley tweets as @PCSecurityNews, and can be contacted at his Facebook page.


Tony Bradley

PC World (US online)