It’s Microsoft Patch Day and I have a question for you. How quick are you at applying software updates? Do you jump on them within the day, within a week, or are you months behind?
If you are one of the many who fall behind, know that patching is one of the practices that can most improve your security posture. I recommend you take this opportunity to improve your patching practices with a small challenge. Try to test and deploy all of today’s patches before Turkey Day (Thanksgiving, Nov. 22). That way you can enjoy a guilt-free feast, knowing your network is relatively safe and secure. If you accept this challenge, here’s what you are in for…
Today, Microsoft released six security bulletins fixing 19 vulnerabilities in many of their popular products, including:
- Windows (all versions)
- Internet Explorer (IE)
- Excel (part of Office)
- .NET Framework
- IIS Server
They rate four of the bulletins as Critical, one as Important, and one as Moderate. For more details, check out this November bulletin summary, or wait for our detailed alerts.
With so many critically rated issues, it’s hard to recommend a patch order. I would personally apply the IE update first, since attackers often exploit web browser issues in drive-by download attacks. Follow that with the Critical Windows updates, but don’t forget the Important Excel vulnerability. While this sort of document handling vulnerability requires a little user interaction to succeed, spear-phishers often leverage it in their email-based attacks. Whatever order you choose, I recommend you apply all of today’s updates as quickly as you can.
We’ll share more details about Microsoft’s bulletins in upcoming alerts, posted throughout the day. We’ve posted Microsoft’s update matrix below, for your convenience. — Corey Nachreiner, CISSP (@SecAdept)
Art Sepin says
Here are a couple more announcements.
Bucher, Matthias says
As soon as the patches are shown in WSUS, max. a week later.