Microsoft Patch Tuesday Roundup - January 2011
The first Microsoft bulletin of the year, MS11-01, only affects Windows Vista and is classified by Microsoft as "important". For those not running Vista, this patch can safely be ignored. It’s easier for smaller organizations to keep up with operating system upgrades and patches on desktop systems. However, if your organization has over 10,000 desktops, upgrading all of them is a daunting task. I really like the idea of using "cloud computing" for this purpose. Yes, I’m suggesting that we use “cloud computing” to improve security! However, in this case, I am talking about a cloud that operates and is managed within the organization, not by a third party. If you are planning on putting your applications and data in, for example, Amazon’s cloud, then you are outsourcing your security to Amazon. It may be better to implement your own cloud to control the security and data. Rather than hosting all of your software and data on a laptop or desktop, the laptop or desktop just gives you access to the applications and data. This is not a new concept, but as more and more laptops will be lost or stolen and client-applications will have vulnerabilities, I believe it’s a logical solution to the problem.
While many talk about the dangers of the cloud, can we actually use the cloud to improve security?
The shocking part of this month's “Patch Tuesday” release is that Microsoft is not offering patches in two security advisories, including Windows Graphics Rendering Engine (Security Advisory 2490606) or the vulnerability affecting Internet Explorer (Security Advisory 2488013)." Microsoft reports that the Internet Explorer vulnerability is being exploited in the wild, so I'm at a loss to explain why a patch has not been released.
To further aid in your efforts to evaluate the dangers of the vulnerabilities addressed by Microsoft Patch Tuesday, Tenable's Research team has published plugins for each of the security bulletins issued this month:
- MS11-001 - Nessus Plugin ID 51454 (Credentialed Check)
- MS11-001 - Nessus Plugin ID 51455 (Credentialed Check)
Resources
- Microsoft Security Bulletin Summary for January 20101
- OSVDB Microsoft Bulletins - Complete Reference
- January 2011 Security Bulletin Release (Microsoft Security Response Center Blog)
Related Articles
Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security
November 1, 2024Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates
October 25, 2024Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.