Yesterday Microsoft released KB3096053, but as a separate patch. On Patch Tuesday MS15-098 released to resolve security vulnerabilities in Windows Journal. The initial patch release failed to install correctly on Windows 8 and Server 2012. As a response to these issues Microsoft has released a non-security update that must be run before MS15-098 can be installed on the affected operating systems. The fix seems to come with it’s own pains:
Other than the Microsoft conspiracy to kill off disc based gaming ONCE AND FOR ALL!!!!! it was a pretty uneventful Patch Tuesday for issues.
For those who want to read up on, and fume over, the terrible conspiracy to kill off your disc based games, here is a little media fodder.
This feels like a light month compared to the last few Patch Tuesdays, especially for third parties. Coming off of Black Hat, all the vendors we would normally expect to see on patch day have had their hands forced last month to respond quickly to any vulnerability they may have had, likely causing a slow month this time around. Next month we should expect a Java quarterly release, along with more third-party patches.
As for Microsoft, it has released 12 bulletins. Five of these bulletins are rated as Critical. There are a lot of media content vulnerabilities being resolved this month for graphics drivers, Windows Journal and Media Center, and Microsoft Office and Sharepoint.
As explained in “Security and the ‘ART-ful’ Enterprise,” to become more “ART-ful,” your enterprise must become more agile, resilient, and trustworthy. This post digs a bit more deeply into what business agility is, why it matters, and the critical role security must play for your enterprise to achieve and sustain it.
Agility is more than simple, reactive adaptability. It’s even more than what’s usually covered by that discipline many of us know as “change management.” (An aside: to succeed with change management, it is often necessary to…change management.)