Patch Tuesday + 8. It was a large one this month. Initially there were four Critical updates from Microsoft, but a fifth Critical released on July 20th as an out of band. MS15-078 was discovered in the 400GBs of data from the Hacking Team breach. The fact that the data was part of the breach means that CVE-2015-2426 has been publicly disclosed. 8 public disclosures and depending on how you score them, there are now 7 Zero Days in the lineup of updates this month. Java is plugging one, Flash is plugging two, and Microsoft now as four (three already exploited and the fourth resolved by MS15-078). See the summary of updates below for details.
Along with all of the new features and improvements, Microsoft is introducing changes to how updates will be delivered. There have been growing concerns around these changes and the introduction of Windows Update for Business (WUB). Regardless of what you may have heard, these changes are not all bad. Microsoft is trying to deliver two important things to the Windows user with these changes: 1) accelerated release of Security Updates while retaining stability and 2) faster delivery of new features for the user. Microsoft is introducing branches, or rings, that will allow machines to receive updates on different intervals.
Are you prepared for the impending Windows Server 2003 end of life? Support is ending on July 14, 2015, which just so happens to be Patch Tuesday. You get one last round of security updates before support ends. So what are your options? I have had a number of companies approach us about what their options are, so I thought I would share some of those thoughts here.
Option 1: Migrate off of 2003. By the fact that you are here reading this, we can assume that Option 1 is delayed for some time.