If you’re anything like me, your late December schedule is quickly filling with holiday parties, family activities, and seasonal days off. This means if you want to secure your Microsoft environment before the end of the year, you better get started earlier rather than later.
Today, Microsoft released seven security bulletins fixing at least 11 vulnerabilities in many of their products, including:
- Windows (all versions)
- Internet Explorer (IE)
- Word (part of Office)
- and Exchange Server
They rate five of the bulletins as Critical, and the rest as Important. For more details, check out their December bulletin summary, or wait for our detailed alerts.
If I were to pick the order you patched, I’d start with the Exchange update since you need to protect your public servers, follow with the IE patch since attackers like drive-by downloads, fix the Word flaw to avoid targeted phishing attacks, and end with the Windows updates in order of severity… but that’s just me.
In any case, you should download, test, and deploy Microsoft’s updates as soon as possible. If you don’t have time to test everything, at least take the time to test the Exchange update, as you don’t want your production email server suffering any downtime.
I’ll post more detailed alerts throughout the day, but until then feel free to refer to Microsoft’s December bulletin matrix below. — Corey Nachreiner, CISSP (@SecAdept)
