Microsoft is planning a light October edition of its regular Patch Tuesday updates next week that focuses on Office flaws and features just one critical patch. The critical bulletin features a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps. Office for Mac is not …
No public exploits, yet
"It should be a relief to many that none of the bulletins requires immediate attention, as none of them address vulnerabilities being exploited in the wild; all were privately reported vulnerabilities. This means that there isn’t any publicly known exploit code for this month’s bulletin cycle."
Well, not until Wednesday, by which time the black hats will have reverse engineered the patches. But I suppose if sys admins are going to lose sleep over the certificate change, it is probably fortunate that there aren't too many other crises in play.
Patching in perspective
The latest US-CERT Vulnerability Summary (http://www.us-cert.gov/cas/bulletins/SB12-275.html) for the _week_ of September 24 contains over 100 vulnerabilities including:
Google – 24 vulnerabilities
Cisco - 10 vulnerabilities
IBM - 10 vulnerabilities
HP - 6 vulnerabilities
Microsoft - 4 vulnerabilities
Plus vulnerabilities for Apache, Adobe, EMC, McAfee, Oracle, Phpb2b, Phpmyadmin, Rsyslog, Siemens, TrendMicro and Ubuntu.
Most Microsoft and Google Chrome users will probably actually get these updates. How true is this of the rest I wonder?
- Analysis Windows 10: One for the suits, right Microsoft? Or so one THOUGHT
- Vid+Pics Microsoft WINDOWS 10: Seven ATE Nine. Or Eight did really
- Xbox hackers snared US ARMY APACHE GUNSHIP ware - Feds
- You dirty RAT! Hong Kong protesters infected by iOS, Android spyware
- Ice, ice maybe: Evidence of 'Grand Canyon' glacier FOUND ON MARS