As I mentioned in last week’s early warning, today’s Patch Day is extremely light with only two updates. According to their September bulletin summary, Microsoft has only released updates for Visual Studio Foundation Server and System Center Configuration Manager. Both updates fix cross-site scripting (XSS) vulnerabilities that Microsoft rates as Important.
If you have either of these products, you should apply today’s patches at your earliest convenience, despite their low severity. If you don’t use either of these products, you’re off the hook this month (whoohoo). However, don’t forget to check your certificate infrastructure to make sure you are using 1024 bit certificates by October.
Also, if you use any Cisco products, Microsoft also released a Cisco-related Security Advisory today. The advisory includes a roll-up patch that sets the Killbit for a few different Cisco ActiveX controls. This prevents the 3rd party controls from working in IE, due to vulnerabilities in them. Microsoft administrators should probably apply this update as well.
Finally, Adobe holds their Patch Day today. They only released one security bulletin for ColdFusion. The update fixes a denial of service (DoS) vulnerability in ColdFusion 10 and earlier, running on any platform. If you use ColdFusion, make sure to apply that patch, too.
I’ll release a more detailed alert about the Microsoft issues here shortly — Corey Nachreiner, CISSP (@SecAdept)