According to the September advanced notification post, Microsoft plans to release two security bulletins next Tuesday, affecting Visual FoxPro and Microsoft System Center Configuration Manager. Microsoft only rates the bulletins as Important.
While this month’s Patch Day looks a breeze, you need to be aware of the upcoming Patch Day in October. According to a Microsoft Trustworthy Computing (TWC) blog post, October’s Patch Day will include a significant change in the way Microsoft software handles digital certificates. In a June Security Advisory, Microsoft released an optional update that forces Windows platforms to only use digital certificates with keys of 1024 bits or higher; thereby increasing the security strength of their PKI. They plan to push this update out to all customers in October.
During the time you save updating this month, I recommend you review your certificate infrastructure to ensure you are using certificates with 1024 bits or more. If you find any certificates that don’t qualify, you can reissue them before October. Otherwise, you may want to use Microsoft’s patch management software to block one of their October updates, and prevent any certificate problems.
Despite the light September Patch Day, I still recommend you download and install any patches that apply to you. I’ll know more about Microsoft’s updates on Tuesday the 11th, and will post detailed information about them here. — Corey Nachreiner, CISSP (@SecAdept)