The Big Patch Tuesday Story Is Not About Microsoft
Last month, the primary focus for many on Patch Tuesday was Oracle and its huge quarterly patch release. This month, the big story is an emergency patch for an Adobe zero-day that is under active attack in the wild.
This emergency patch is set as the highest priority because of Flash Player's widespread usage. Adobe released the emergency fix this week to handle active attacks in the wild against the Flash Player plug-in for IE and other browsers. Get the details on Adobe's site.
From Microsoft today we have 7 bulletins, shown below with the highest priority first. Of these Patch Tuesday bulletins, 4 are listed as "critical" and 3 are labeled "important":
- MS14-010 is a cumulative security update for IE, ...
2014 Is Off To A Good Start With Microsoft - Not So Good With Oracle
A collective sigh of relief from IT & Cyber Security professionals after reviewing Microsoft's January Patch Tuesday security bulletins: a light workload! Microsoft released four (4) bulletins this January 2014 Patch Tuesday and none are rated critical. The security patches mitigate a Remote Execution issue in SharePoint Server and Microsoft Word, a Kernel issue in XP and Windows 2003, a Kernel issue associated with Elevation of Privileges in Windows 7 and Windows Server 2008 R2, and a Denial of Service issue in Microsoft Dynamics AX.
Oracle is more than making up for Microsoft's light workload in January! Oracle is releasing just under 150 fixes that will impact about 47 of its products. Approximately 85 of the issues are remotely exploitable without any need for user authentication. Ouch! While Oracle will be the focus this Patch Tuesday for IT flaw remediation, do not discount the risk
The SANS 'Securing Windows with the Critical Security Controls' course (SEC505) will be offered at the April conference in Orlando, Florida.
SANS Critical Security Controls -- Deep Dive for Windows (course number SEC505).
Free PowerShell scripts to reset the local Administrator password automatically to a different random string on every computer in a small or large enterprise, then save that password in an encrypted form so that only IT staff can view the password in plain text.