Patch Tuesday +1: This morning we presented our monthly Patch Tuesday webinar. Between Microsoft and 3rd party the Patch Tuesday bill was doubled.
Microsoft had a big release this month. They released 10 Security Bulletins resolving 33 vulnerabilities yesterday, covering everything from the OS to Apps. Most notable was MS13-038 which resolves the IE 8 vulnerability that is currently being exploited in the wild. For those of you who deployed the FixIt, Microsoft is recommending that you disable it first then deploy MS13-038. One other thing to note is that you should deploy MS13-037 as well or MS13-038 could cause compatibility issues for end users. Those are the most concerning patches from Microsoft. To add to that we had five 3rd Party vendors releasing 8 product updates. These covered over 50 vulnerabilities. Theme for the month “Update your browsers and Flash”. Mozilla had three critical product updates resolving over 15 vulnerabilities. Google released a new version of Chrome to support a critical Flash patch. Adobe released critical Flash, AIR, Reader, and Acrobat patches resolving over 27 vulnerabilities.
Recommendations across the board are pretty consistent. Focus on the browsers (MS and 3rd Party) and Adobe first. Then tackle the rest.
In other news, Shavlik has released Shavlik Protect 9.0 as our first official product launch as part of LANDesk! For more details check out the first publication regarding the release this morning. For details on the release check out the announcement on www.shavlik.com. Next week we will be running a few webinars around the new features and the upgrade experience.
Shavlik Protect Team, LANDesk
Microsoft has announced their May 2013 advanced notification. The May edition of Patch Tuesday will include 10 security bulletins. (See the Microsoft announcement here.)
Microsoft is working to have the Internet Explorer Security Update to address the issue described in Security Advisory 2847140, supplementing the currently available Fix it.
Security Bulletin breakdown:
- 2 bulletins are rated as Critical
- 8 bulletins are rated as Important
- 5 bulletins address vulnerabilities that could lead to Remote Code Execution
- 1 bulletins address vulnerabilities that could lead to Elevation of Privilege
- 2 bulletin addresses a vulnerability that could lead to Information Disclosure
- 1 bulletin addresses a vulnerability that could lead to a Denial of Service attack
- 1 bulletin addresses a vulnerability that could lead to a Spoofing attack
- All Internet Explorer versions
- All supported Windows Operating Systems
- Microsoft Office and Visio 2003, 2007, and 2010
- Microsoft Office Communicator 2007
- Microsoft Lync 2010 and 2013
- Windows Essentials 2011 and 2012
I will be going over the May Patch Tuesday patches in detail in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, May 15th at 11:00 a.m. CDT. I will also be reviewing other non-Microsoft releases that have occurred since the March Patch Tuesday. You can register for the Patch Tuesday webcast here
Last week one of our Sales Engineers took the new Cloud Agent feature of Protect 9.0 for a spin. Within minutes he had registered and installed Agents on several servers he had spun up in Amazon’s Public Cloud. From the same console he uses to demo network discovery and agentless scan and deployment he also manages agents covering servers outside the network. All of this without opening security risks on the network. Once again, this shows that there can be simple ways to support and manage machines no matter where they may reside.
Shavlik Protect 9.0 is available as an early access release currently. For more details you can contact us at Protect-Help@Shavlik.com. Also take a look at some upcoming webinars covering the official product launch on May 15th. The “Introducing Shavlik Protect 9.0” webinar will discuss the new features in a demonstration geared toward new customers. The “Upgrading to Shavlik Protect 9.0” will discuss the upgrade path and things that current customers will want to know about behavioral changes, etc.