Microsoft is planning a light October edition of its regular Patch Tuesday updates next week that focuses on Office flaws and features just one critical patch. The critical bulletin features a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps. Office for Mac is not …
No public exploits, yet
"It should be a relief to many that none of the bulletins requires immediate attention, as none of them address vulnerabilities being exploited in the wild; all were privately reported vulnerabilities. This means that there isn’t any publicly known exploit code for this month’s bulletin cycle."
Well, not until Wednesday, by which time the black hats will have reverse engineered the patches. But I suppose if sys admins are going to lose sleep over the certificate change, it is probably fortunate that there aren't too many other crises in play.
Patching in perspective
The latest US-CERT Vulnerability Summary (http://www.us-cert.gov/cas/bulletins/SB12-275.html) for the _week_ of September 24 contains over 100 vulnerabilities including:
Google – 24 vulnerabilities
Cisco - 10 vulnerabilities
IBM - 10 vulnerabilities
HP - 6 vulnerabilities
Microsoft - 4 vulnerabilities
Plus vulnerabilities for Apache, Adobe, EMC, McAfee, Oracle, Phpb2b, Phpmyadmin, Rsyslog, Siemens, TrendMicro and Ubuntu.
Most Microsoft and Google Chrome users will probably actually get these updates. How true is this of the rest I wonder?