Story: Microsoft rolls out record Patch Tuesday fixes

Posted by: lumension (Wednesday 10 June 2009, 8:56 AM)

Patch Management - Prioritise and Implement to address Critical Risks

In amongst the long list of patches for this patch Tuesday, there are six critical patches that IT departments should definitely address for their organisations. Some require prioritisation, and swift action.

MS09-019 is the most important in that it addresses seven separate vulnerabilities across Internet Explorer 6 and 7 for both XP and Vista. This means that almost all Windows users will soon be vulnerable while browsing the web. Two of the vulnerabilities that this update addresses are rated “1” on Microsoft’s “Exploitability Scale” meaning that exploits are likely. These vulnerabilities are in the DHTML and HTML object handling capabilities of Internet Explorer, the core technologies in almost every web page. Additionally, this patch requires a reboot so there is an additional level of complexity in ensuring that this patch is fully deployed across the enterprise.

As MS09-018 addresses an Active Directory vulnerability that is rated a 1 on the exploitability scale and addresses a key infrastructure service, it should also be prioritised. It addresses a “critical” remote code execution for Windows Server 2000 and “important” denial of service vulnerabilities on more recent Microsoft server platforms, something to be avoided on an organization’s directory services infrastructure!

lumension
LONDON, UK
Member since: October 2008
