Microsoft releases fix for MS15-098 issues on Windows 8 and Server 2012, but it is no piece of cake

nocake

Yesterday Microsoft released KB3096053, but as a separate patch.  On Patch Tuesday MS15-098 released to resolve security vulnerabilities in Windows Journal.  The initial patch release failed to install correctly on Windows 8 and Server 2012.  As a response to these issues Microsoft has released a non-security update that must be run before MS15-098 can be installed on the affected operating systems.  The fix seems to come with it’s own pains:

September Patch Tuesday, a lot of Microsoft with a touch of Adobe

SepPatchDaySummary

This feels like a light month compared to the last few Patch Tuesdays, especially for third parties. Coming off of Black Hat, all the vendors we would normally expect to see on patch day have had their hands forced last month to respond quickly to any vulnerability they may have had, likely causing a slow month this time around. Next month we should expect a Java quarterly release, along with more third-party patches.

As for Microsoft, it has released 12 bulletins. Five of these bulletins are rated as Critical. There are a lot of media content vulnerabilities being resolved this month for graphics drivers, Windows Journal and Media Center, and Microsoft Office and Sharepoint.

Your “ART-ful” Enterprise: Security and Agility

techart2(own)As explained in “Security and the ‘ART-ful’ Enterprise,” to become more “ART-ful,” your enterprise must become more agile, resilient, and trustworthy. This post digs a bit more deeply into what business agility is, why it matters, and the critical role security must play for your enterprise to achieve and sustain it.

Agility is more than simple, reactive adaptability. It’s even more than what’s usually covered by that discipline many of us know as “change management.” (An aside: to succeed with change management, it is often necessary to…change management.)