Microsoft is finally pushing people off of old Internet Explorer versions


Microsoft warned us back in April of 2014 that they would be reducing support for the Internet Explorer browser to only cover the latest version available for each operating system. Well that date it upon us. January 12, 2016 will be the official end-of-life date for any version of IE older than the latest available for the version of Windows you are running. If you take a look at the original life-cycle announcement, it provides the version that will be supported for each OS. After the January Patch Tuesday release there will be no security updates unless you are on the supported version for that OS.

On January 12, expect to see upgrade notifications on older versions of Windows, if you are running a version of the browser older than the latest. You can disable those notifications if you have a need to continue running an older version of the browser for some reason.

If you need to continue running an older version of IE for some reason, take precautions. After this last IE update, older versions will become a prime target.

  • Visualize a system with the older version of IE and remove access to the internet and from anyone who does not require access. Of course this only works if the browser will be used for an application or site that is internal to your network.
  • If you need to use an older version for access to an external site, you should begin putting pressure on the vendor involved or start shopping around for alternate solutions. In the mean time, you can also install an alternative browser and inform users of those systems that they must use Google Chrome or Mozilla Firefox for everything but that one purpose. Not a great solution.
  • You can add additional levels of protection with products like Bufferzone. This will containerize the browsing experience, protecting the system if the user happens to come across anything malicious.

This one is not a drill folks. If you recall my assessment of the top five vulnerable vendors from 2015, I called out the three primary contributors to vulnerability counts; OS, browser, and the media\office products. Internet Explorer had the largest single product vulnerability count in 2014. In 2015 it moved down the list to #7, but that was more due to the significant increase in vulnerabilities in other products. It had only 12 less resolved in 2015 than in the previous year. Point being, expect that from the point that older versions of IE are end-of-life’d this month, we will see around 200+ vulnerabilities identified that will go unresolved in the unsupported versions.




Patch Tuesday Advanced Notification December 2014

Bunker BlogThis month is a bit quieter than last month’s barrage of patches as there are only seven bulletins announced, of which three are Critical and four are Important.

The Microsoft Exchange patch (likely MS14-075) is on the list this month again and rated as Important. It is resolving an elevation of privilege vulnerability. Admins who have been watching for when that patch may drop can rest assured that it will not be before Tuesday. As you may recall, this patch was held out of last month’s Path Tuesday updates along with another out-of-band patch that was released later in November.  With all of the changes at Microsoft recently, this practice of holding a patch could become a pattern. It is likely that with less important patches, these will be released on a subsequent Patch Tuesday. However, for more important patches that aren’t ready for Patch Tuesday, they will likely be released later on in the month as they become ready for release.

There is a Critical Internet Explorer update this month as well. We have seen a steady trend of a Critical Cumulative Security Update for IE each month for some time. It may just become a regular fixture as all of the major browsers are getting a lot of attention in the white hat hacking community. We can safely say that this is going to become a Critical monthly occurrence.

There are two additional Microsoft Windows patches, one of which is rated as Critical, the other Important. The Critical update could allow for remote code execution, the Important update is an information disclosure vulnerability.

There are three updates for Microsoft Office including one Critical. All three Office updates resolve vulnerabilities, which could allow remote code execution.

Adobe released an update for Flash Player late in November, so maybe we will see a break in the nine-month streak of Flash Player updates on Patch Tuesday.  We will have to wait and see on that.

Google Chrome and Mozilla FireFox both released a couple of updates in the past few weeks, so we anticipate not seeing any additional Patch Tuesday updates from the other major browsers — unless we see a Flash update. In that case we could also see a Chrome update to support the plug-in.

Microsoft Security Bulletins:

  • 3 bulletins are rated as Critical.
  • 4 bulletins are rated as Important

Vulnerability Impact:

  • 5 bulletins address vulnerabilities which could allow Remote Code Execution.
  • 1 bulletins address vulnerabilities which could allow Elevation of Privileges.
  • 1 bulletin addresses a vulnerability which could lead to Information Disclosure.

Affected Products:

  • All supported Windows Operating Systems (Including the Technical Previews!)
  • All supported Internet Explorer versions.
  • Microsoft Office 2007, 2010
  • Microsoft Exchange 2007, 2010, and 2013

Join us as we review the Microsoft and third-party releases for December Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, December 10th at 10 a.m. CDT.  We will also discuss other product and patch releases since the November Patch Tuesday.

You can register for the Patch Tuesday webinar here.

For more information on Patch Management go here.

The Communicators Corner: Demystifying Distribution Servers

This is the first of many “meat and potatoes” blog articles that I will be writing throughout the course of this year. In this article, I am going to talk about one of the most useful, but also one of the most underused and misunderstood, features in Shavlik Protect – distribution servers.

Most of you are familiar with Shavlik Protect and love it for how it simplifies your patch, threat and power management activities. But you may not be familiar with distribution servers, or you may be reluctant to use them because they don’t seem simple to implement. While it’s true that distribution servers add a level of complexity to your administration activities, in many cases they are well worth the effort for the value that they add.

May Patch Tuesday Advanced Notification

Microsoft has announced this month’s Patch Tuesday release.  There are 8 total patches expected to be released on Tuesday, May 13th. Here is the breakdown for this month:

Security Bulletins:

  • 2 bulletins are rated as Critical.
  • 6 bulletins are rated as Important.

Vulnerability Impact:

  • 3 bulletins address vulnerabilities that could allow Remote Code Execution.
  • 3 bulletins address vulnerabilities that could allow Elevation of Privileges.
  • 1 bulletin addresses a vulnerability that could lead to Denial of Service.
  • 1 bulletin addresses a vulnerability that could lead to Security Feature Bypass.

Affected Products:

  • All supported Windows operating systems
  • All supported Internet Explorer versions
  • All supported versions of Office
  • All Supported versions of Sharepoint
  • Microsoft Office Web Apps
  • Sharepoint Designer

Join us as we review the Microsoft and third-party releases for May Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, May 14th at 11 a.m. CDT.  We will also discuss other product and patch releases since the February Patch Tuesday.

You can register for the Patch Tuesday webinar here.

Replace Dell Patch Authority Ultimate with Shavlik Protect

Dell offered Patch Authority Ultimate to its customers looking for a complete patch solution but not wanting the unwanted burden of a full client life cycle solution. Dell announced the end of life of the product last year and will discontinue support for the product on May 31, 2014.


Having a good patch solution and process in place is critical to managing all the software updates in an organization, including both the OS and third party applications.  Dell Patch Authority did a good job keeping your systems up-to-date, but with the end-of-life announcement, you are now you are faced with a choice of either patching manually (unacceptable), using multiple tools to patch your enterprise, or choosing a more full featured systems management product which tends to be much more expensive.

Now that you’ve heard the bad news, let’s hear the good news. Shavlik Protect offers many of the same features of Dell’s Patch Authority and can even use the same patching database you have already built for your enterprise with Patch Authority.  For customers who are currently using Patch Authority, now is a good time to take a closer look at Shavlik Protect.

Stay tuned for my next blog where I go into details around product strategy for a large organization such as Dell.

April Patch Tuesday Advanced Notification

Microsoft announced their April 2013 advanced notification for Patch Tuesday.  The April edition of Patch Tuesday will be bringing nine security bulletins.

Security Bulletin Breakdown:

  • 2 bulletins are rated as Critical
  • 7 bulletins are rated as Important
  • 2 bulletins address vulnerabilities that could lead to Remote Code Execution
  • 5 bulletins address vulnerabilities that could lead to Elevation of Privilege
  • 1 bulletin addresses a vulnerability that could lead to Information Disclosure
  • 1 bulletin addresses a vulnerability that could lead to a Denial of Service attack

Affected Products:

  • All Internet Explorer versions
  • All supported Windows Operating Systems
  • InfoPath 2010 SP1
  • SharePoint Server 2010 SP1
  • Groove Server 2010 SP1
  • Office Web Apps 2010 SP1
  • SharePoint Foundation 2010 SP1
I will be going over the April Patch Tuesday patches in detail in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, April 10th at 11:00 a.m. CDT.  I will also be reviewing other non-Microsoft releases that have occurred since the March Patch Tuesday. You can register for the Patch Tuesday webcast here.
Chris Goettl

New Webinars available for vCenter Protect

In addition to our Patch Tuesday Webinar we are starting a few new Webinar series.  These are as follows:

vCenter Protect Demonstration – This webinar series is intended to provide a basic overview of the vCenter Protect features for customers evaluating the product.  Each demonstration will be followed by Q&A with the host and is a great way to get a quick introduction to the Protect product.

vCenter Protect Tech Talk – This webinar series is intended to provide focused feature demonstrations.  Each Tech Talk will focus on a specific feature or scenario to provide Protect users with guidance on how to use the product.  Each Tech Talk will also include some Q&A time with the host to allow users to ask questions about the showcased feature or scenario and find the solutions they need to better manage their environment.  Stop out to our community to cast your vote on the first topic.  Voting closes on the Monday before each Tech Talk webinar.

Then we have our long running Patch Tuesday webinar series.  For those of you who are not familiar with it you can view playbacks of previous patch tuesday webinars at the same webinar page.  This webinar series gives Admins a quick overview of what released on Patch Tuesday each month.  We bring together information from a variety of sources to give you what you need to understand the impact of Patch Tuesday.

Stop out and register for an upcoming webinar today!

Chris Goettl
Product Manager
vCenter Protect Team, VMware


vCenter Protect 9.0 Public Beta Coming Soon!

Hey Everyone!

This is the first of many announcements to come.  We are currently gearing up for the vCenter Protect 9.0 public beta and looking for participants.  Invitations will start being sent at the end of this week.  We are targeting to launch the public beta on March 11th, 2013.  If you would like to participate in the beta you can send an email to   The beta will be fully supported in production environments.  This means full upgrade support for the beta version when the GA version releases.   Now, on to the good stuff, WHATS NEW in vCenter Protect 9.0!

This is a HUGE release!  We have been in development on this release for over a year so it is packed with great new features, enhancements, and usability improvements.  Here are the highlights:

Major Features:

  • Cloud Agents – break free from your visio network and bring order to chaos!  Ok, that was a little melodramatic, but this feature is really cool.  Come check it out.
  • Virtual View and ESXi Hypervisor Patching – Standalone or managed.
  • 64 bit edition
  • Install support for console on Windows 8, Server 2012, and SQL 2012


  • Updated workflow and more flexible scheduling options for Distribution Server sync
  • Add detected threats to allowed threats list as right click action
  • **Machines Not Scanned right click options have returned! **  (Yes, we heard you and have brought them back.)
  • Machine Group Comment Field (at entity level)
  • Edit entities in Machine Group
  • **Supersedence support for Patch Groups** (Another one I know many of you are anxiously awaiting)

These and other new features await you in vCenter Protect 9.0!  Over the next few weeks we will be sharing more details, screenshots, and videos on vCenter Protect 9.0, so stay tuned.


Chris Goettl
Product ManagerProduct Owner
vCenter Protect Team

February 2013 Patch Tuesday Overview

This week New York gets hammered with snow and IT Admins get hammered with patches.  Microsoft has released 12 new security bulletins addressing 55 vulnerabilities.  The number of vulnerabilities this month comes very close to the record 64 vulnerabilities resolved in the April 2011 Patch Tuesday.

Of the 12 bulletins released this Patch Tuesday, 5 are critical.  MS13-009 and MS13-010 affecting Internet Explorer, MS13-011 and MS13-020 affecting the Windows Operating System, and MS13-012 affecting Exchange Server.

The first browser patch this month is MS13-009.  This is a cumulative security update covering 13 of the reported vulnerabilities and should be a priority for administrators.  IE 6-10 on all supported Windows Operating Systems are affected.

The second browser patch is MS13-010.  This bulletin resolves a single VML memory corruption vulnerability which could allow a specially crafted website to remotely execute code.   Exploit code is likely and Microsoft is aware of this being used as an information disclosure vulnerability.   IE 6-10 on all supported Windows Operating Systems are affected.

MS13-011 is a critical patch affecting supported versions of Windows XP, Vista, Server 2003, and Server 2008.  It resolves a publicly disclosed vulnerability that can allow remote code execution when a specially crafted streaming media is executed.  The attacker could gain equivalent rights to the user who executed the media file.  If the media is embedded in other files, like ppt, it can also be exploited.

The next critical bulletin is MS13-012.  It is a vulnerability in Exchange Server 2007 and 2010.  The vulnerability allows a specially crafted file using the Outlook Web App.

The last critical bulletin, MS13-020, resolves a vulnerability in OLE Automation.  The vulnerability could allow remote execution if a user opens a specially crafted file allowing the attacker to gain users rights equivalent to the current user.  This vulnerability affects Windows XP SP3.

The remaining seven patches are categorized as Important.  The majority are affecting the Windows Operating System, with one .Net, and one Microsoft FAST Search Server bulletin.

-Chris Goettl