Site icon Liquidmatrix Security Digest

Microsoft Patch Tuesday, Thy Name Is Mongo

It’s a big one. Actually it’s the biggest patch release this year so far. Not that it has any real bearing the price of tea in…well, you follow me. The real pain and suffering falls to the security and sysadmin teams that have to evaluate, test and roll out these patches into their respective environments.

From Computer World:

The sheer volume of flaws and fixes — added to the already large number of updates cranked out over the past two weeks by other vendors, including Apple Inc. and Adobe Systems Inc. — is what struck Andrew Storms, director of security operations at nCircle Network Security Inc.

“The volume of the last week is something no security team can staff for,” said Storms, referring to a wave of vulnerability disclosures and patches by developers of some of the Web’s most popular applications, including Adobe Reader, Apple’s QuickTime and Skype Ltd.’s flagship VoIP client. All have been plagued with, and patched, one or more bugs in the past week.

“It’s almost the worst case possible,” Storms said. “There’s so much firefighting going on that it comes down to deciding what risks are the most prevalent, and what can be mitigated without patching or fixing so that people can get to some of the hotter topics.”

The article goes on to say, and I have heard this from a couple of folks, that you should apply the Office and IE patches first. This will help to address the PDF viewer and thereby mitigate the Adobe problem.

Happy patching (if there is such a beast). For the full listing check out the Microsoft Security Bulletin Summary for this month.

Article Link

[tags]Microsoft Patch Tuesday, Microsoft Patches, Feb 2008 Microsoft Patches[/tags]

Exit mobile version