Microsoft is planning a light October edition of its regular Patch Tuesday updates next week that focuses on Office flaws and features just one critical patch. The critical bulletin features a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps. Office for Mac is not …
No public exploits, yet
"It should be a relief to many that none of the bulletins requires immediate attention, as none of them address vulnerabilities being exploited in the wild; all were privately reported vulnerabilities. This means that there isn’t any publicly known exploit code for this month’s bulletin cycle."
Well, not until Wednesday, by which time the black hats will have reverse engineered the patches. But I suppose if sys admins are going to lose sleep over the certificate change, it is probably fortunate that there aren't too many other crises in play.
Patching in perspective
The latest US-CERT Vulnerability Summary (http://www.us-cert.gov/cas/bulletins/SB12-275.html) for the _week_ of September 24 contains over 100 vulnerabilities including:
Google – 24 vulnerabilities
Cisco - 10 vulnerabilities
IBM - 10 vulnerabilities
HP - 6 vulnerabilities
Microsoft - 4 vulnerabilities
Plus vulnerabilities for Apache, Adobe, EMC, McAfee, Oracle, Phpb2b, Phpmyadmin, Rsyslog, Siemens, TrendMicro and Ubuntu.
Most Microsoft and Google Chrome users will probably actually get these updates. How true is this of the rest I wonder?
- Top Gear Tigers and Bingo Boilers: Farewell then, Phones4U
- Breaking Fad 4K-ing excellent TV is on its way ... in its own sweet time, natch
- First Irish boy band U2. Now Apple pushes ANOTHER thing into iPhones, iPods, iPads
- Updated iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
- Stephen Pie iPhone 6: Most exquisite MOBILE? NO, it's the Most Exquisite THING. EVER