Marking the May 2012 edition of Patch Tuesday, Microsoft has released seven new security bulletins addressing 23 vulnerabilities.

The first bulletin administrators should address immediately is the mammoth security bulletin MS12-034.  The sheer size of this security bulletin will undoubtedly affect the majority of your network when patching this month.

This bulletin covers:
72 Microsoft operating systems / service pack combinations
31 Microsoft .NET installation versions and types
9 Microsoft Office installation versions and types
6 Microsoft Silverlight installation versions and types

This is by far one of the largest security bulletins Microsoft has ever released.  This bulletin will address seven vulnerabilities with …

Microsoft has released their Advanced Notification for the May 2012 edition of Patch Tuesday.  Microsoft is planning to release seven bulletins addressing 23 vulnerabilities.  In addition, they will be releasing a Security Advisory to update ActiveX killbits.  Last year, Microsoft moved the ActiveX killbit updates from a Security Bulletin to a Security Advisory.  So, you should be aware that there will be eight bulletins that need your attention next Tuesday.

Security Bulletin Breakdown:

4 bulletins are rated as Critical
3 bulletins are rated as Important
5 bulletins addressing vulnerabilities that could lead to Remote Code Execution
2 bulletins addressing vulnerabilities that could lead to Elevation …

VMware customers using the Shavlik branded versions of Protect please note that we are announcing the end-of-life for versions 7.5, 7.6, and 7.8.  You will see the following message when contacting support.

“In November of 2012, Shavlik, a VMware Company, will End-of-Life (EOL) the following NetChk Protect versions by disabling the ability to update the XML data. As of November 1, 2012, the ability to update XML data on Protect 7.5, 7.6 and 7.8 versions of the product will be disabled. Please refer to VMware’s Life Cycle Policies page under VMware vCenter Protect Essentials/Essentials Plus for further information at https://www.vmware.com/support/policies/lifecycle/ &

Keeping up to date with patches historically meant operating systems and applications from Microsoft.  In today’s threat landscape, however, third-party applications have become the leading cause of most vulnerabilities on the network.  Many companies around the world rely on Microsoft System Configuration Manager (SCCM) for patch management.  That simply is not enough to bolster network security, however, because Microsoft applications are not the only ones at risk.

Microsoft Management Summit 2012 begins today in Las Vegas and if you are attending the show, we invite you to stop by VMware booth #621.  We’ll be demonstrating the latest releases of our VMware …

Microsoft has released six bulletins addressing 11 vulnerabilities in the April 2012 version of Patch Tuesday.

Marking the fourth Patch Tuesday of the year, Microsoft and non-Microsoft vendors are making this quite an interesting month with critical security bulletins and new products to consider in your monthly Patch Tuesday.

There are many products that are affected by the new security bulletins. This means you will be seeing quite a few patches missing on a single machine.  For example, MS12-027 affects 29 different products and service pack levels.  For those administrators responsible for reporting their patch compliance, this can …

Microsoft has released their Advance Notification for the upcoming April Patch Tuesday.  With the six bulletins announced, Microsoft is planning to address 11 vulnerabilities.  This marks Microsoft’s heavy patch month and we are seeing this with the sheer number of affected products this month.  We are also looking at a heavy server patching month to go along with all workstations being affected.

 Security Bulletin Breakdown:

4 bulletins are rated as Critical
2 bulletins are rated as Important
5 bulletins addressing vulnerabilities that could lead to Remote Code Execution
1 bulletin addressing a vulnerability that could lead to Elevation of Privilege

 Affected Products:

All supported Microsoft …

Microsoft has released six bulletins for the March 2012 Patch Tuesday.  With this release, Microsoft is addressing seven vulnerabilities.

The primary bulletin administrators should look to address first is MS12-020.  This bulletin addresses two privately reported vulnerabilities to Microsoft affecting the Remote Desktop Protocol on all supported versions of the Microsoft operating system.

If an attacker sends a specially crafted packet to a machine with RDP enabled, the attack could result in Remote Code Execution on the target machine.  Although Microsoft is stating that most machines do not have RDP enabled by default, I know of many organizations …

Microsoft has released their advanced notification for the March 2012 edition of Patch Tuesday.  Microsoft is planning to release six bulletins addressing seven vulnerabilities.

 Security Bulletin Breakdown:

1 bulletin is rated as Critical
4 bulletins are rated as Important
1 bulletin is rated as Moderate
2 vulnerabilities could lead to Remote Code Execution
2 vulnerabilities could lead to Elevation of Privilege
2 vulnerabilities could lead to Denial of Service

 Affected Products:

All supported Microsoft Operating Systems
Microsoft Visual Studio 2008, 2010
Microsoft Expression Design 1, 2, 3, 4

I will be talking about the March Patch Tuesday as well as any other non-Microsoft patches that have been recently released next …

Microsoft has released nine new security bulletins for the February 2012 edition of Patch Tuesday.  This Patch Tuesday is typically marked as a ‘heavy’ release month and includes nine new security bulletins addressing 21 vulnerabilities.

There are two bulletins that administrators should look to patch immediately.  Both of these bulletins address vulnerabilties that have the potential for drive-by attack scenarios from websites.

First up is Microsoft security bulletin MS12-010.  This bulletin affects all supported Microsoft Internet Explorer browsers and addresses four vulnerabilities in the browser.  As is the case with most, if not all Internet Browsers, it is …

Microsoft has announced their February 2012 Advanced Notification for the upcoming Patch Tuesday.  Microsoft is planning to release nine security bulletins fixing 21 vulnerabilities.

Security Bulletin Breakdown:

4 bulletins are rated as Critical
5 bulletins are rated as Important
7 vulnerabilities could lead to Remote Code Execution
2 vulnerabilities could lead to Elevation of Privilege

Affected Products:

All supported Microsoft Operating systems
All supported Internet Explorer browsers
Visio Viewer 2010
SharePoint Server 2010
SharePoint Foundation 2010
Silverlight 4

There has been no word of other vendors planning to release new security bulletins, but we are constantly monitoring to find any other vendors planning on joining Microsoft’s Patch Tuesday.

I will be talking …