Just as everyone was preparing for a Fourth of July barbecue, Microsoft was busy on their end preparing for the release of advance notification for Patch Tuesday next week. Six security bulletins, two Critical, three Important, and one Moderate, were publicized. Compared to 106 bulletins in 2013, six seems fewer but still enough to keep IT admins on their toes.
“It will be interesting to see just how many CVEs are in this round after the 59 patched in MS14-035. Rather than 59 being the new normal, I expect this round will return to the 8-12 CVEs addressed per IE patch standard,” says Ross Barrett, senior manager of security engineering at Rapid7. A possible cumulative update patch of Internet Explorer is included in the two Critical security bulletins. It is high time IE sees some update since it has been pushed to the sidelines with tons of other browsers coming out.
“This patch should be top of your list, since most attacks involve your web browser in some way. Take a look at the most recent numbers in Microsoft SIR report v16, which illustrate clearly that web-based attacks, which include Java and Adobe Flash are the most common,” Qualys CTO, Wolfgang Kandek, emphasizes in a blog post.
More than improved browser security, the second Critical update covers every version of Windows OS including Windows 8.1. Russ Ernst, director of product management for Lumension says that datacenter admins should be on guard next week because every bulletin will affect almost every version of Windows’ Servers. He specifies, “Two of the bulletins even impact Windows Server set to Core mode.”
Chris Goettl, product manager of Shavlik says that updates in June need other updates to be added on top of them, depending on the platform they’re applied to. Ernst also warned not to postpone patching this month.
Have questions about your Windows Servers? Have they been patched lately? Not sure? Call us today and book a no obligation review of your Windows or any other servers you may have and get a health check done.