geekEleet

Microsoft has announced 4 critical, 6 important, and 1 moderate security bulletins for the October 14 round of patching.  Keep in mind that these rankings come from the mighty M$ themselves, others may have a different perspective. 

Each critical patch affects one of the following:  Windows, Internet Explorer, Microsoft Host Integration Server, and Microsoft Excel.  Nothing new there.  All four patch security holes that would allow remote code execution if exploited.  Nothing new there either.  The important patches all affect Windows and could enable remote code execution or privilege elevation if exploited.  All together now - No shock there.

More importantly than the routine hole fillers, Microsoft will begin sharing the technical details of new vulnerabilities this month.  That means that software manufacturers can have the opportunity to update affected products before the public announcement.  The goal here is for Microsoft Partners to not be standing there looking stupid and clueless when vulnerabilities and patches are released.

Microsoft will also be providing an “exploitability index” with each bulletin to help system administrators prioritize patches.  Where I work I doubt this will have any impact, since they simply push all security patches out to the desktops and servers.  No rhyme, no reason.  Just deployment.  Surprisingly though, they have disabled access to Windows Update.  Must be a control thing… and we can discuss that another time.

I applaud Microsoft for this first small step towards community collaboration and possibly, just possibly, bringing us one step closer to a more secure operating system of the industry giant.  I won’t go holding my breathe, but I will hold out just a little hope.  If you have concerns about Microsoft Security, visit their Technical Security Notifications page and sign up for an E-mail, RSS, or Windows Live Message whenever a new security bulletin is issued.