Microsoft Patch Tuesday Roundup - January 2011
The first Microsoft bulletin of the year, MS11-01, only affects Windows Vista and is classified by Microsoft as "important". For those not running Vista, this patch can safely be ignored. It’s easier for smaller organizations to keep up with operating system upgrades and patches on desktop systems. However, if your organization has over 10,000 desktops, upgrading all of them is a daunting task. I really like the idea of using "cloud computing" for this purpose. Yes, I’m suggesting that we use “cloud computing” to improve security! However, in this case, I am talking about a cloud that operates and is managed within the organization, not by a third party. If you are planning on putting your applications and data in, for example, Amazon’s cloud, then you are outsourcing your security to Amazon. It may be better to implement your own cloud to control the security and data. Rather than hosting all of your software and data on a laptop or desktop, the laptop or desktop just gives you access to the applications and data. This is not a new concept, but as more and more laptops will be lost or stolen and client-applications will have vulnerabilities, I believe it’s a logical solution to the problem.
While many talk about the dangers of the cloud, can we actually use the cloud to improve security?
The shocking part of this month's “Patch Tuesday” release is that Microsoft is not offering patches in two security advisories, including Windows Graphics Rendering Engine (Security Advisory 2490606) or the vulnerability affecting Internet Explorer (Security Advisory 2488013)." Microsoft reports that the Internet Explorer vulnerability is being exploited in the wild, so I'm at a loss to explain why a patch has not been released.
To further aid in your efforts to evaluate the dangers of the vulnerabilities addressed by Microsoft Patch Tuesday, Tenable's Research team has published plugins for each of the security bulletins issued this month:
- MS11-001 - Nessus Plugin ID 51454 (Credentialed Check)
- MS11-001 - Nessus Plugin ID 51455 (Credentialed Check)
Resources
- Microsoft Security Bulletin Summary for January 20101
- OSVDB Microsoft Bulletins - Complete Reference
- January 2011 Security Bulletin Release (Microsoft Security Response Center Blog)
Related Articles
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!