18 Patches Available
Five Microsoft vulnerabilities deemed critical
Microsoft Patch Tuesday came around again last week. For Peter Wallace, IT director at the American Automobile Association Reading-Berks office in Pennsylvania, it meant patching the five vulnerabilities deemed critical out of the 18 identified. The five affected Exchange Server, Internet Explorer, Microsoft Word, MSN Messenger, and the TCP/IP communication protocol. Among the risks are denial-of-service and remote-code-execution attacks.
The Explorer vulnerability alarmed Wallace the most. "That one could shut down Internet access and crash our machines," says Wallace, who personally approves all the patches the office implements before testing them.
Companies should look at factors such as the extent a system could be compromised, says Pete Lindstrom, founder of analyst firm Spire Security. "It's a question mark whether a vulnerability will lead to an attack," he says, "and we're spending a lot of time installing patches we might not need." But you can never be too prepared. "The challenge is that a couple of these vulnerabilities have proof-of-concept code out there. Such code lowers the bar for those who can infiltrate the system, like script kiddies."
About the Author
You May Also Like
2024 InformationWeek US IT Salary Report
May 29, 20242022 State of ITOps and SecOps
Jun 21, 2022