Microsoft Patch Tuesday: What You Need to Know

There are 6 new Security Bulletins: 3 rated as Critical and 3 as Important. Not all Critical Bulletins are equal, though

Yesterday was Microsoft's Patch Tuesday for the month of November. There are 6 new Security Bulletins this month: 3 rated as Critical and 3 rated as Important. Not all Critical Security Bulletins are created equally though. You need to understand the implications of the flaw being patched and how it applies to your systems to determine how urgent the update is.

With one month left in 2009, Microsoft would have to have a record-breaking month in December to surpass the 78 Security Bulletins released in 2008. So, in that regard you can say its been a better year for Microsoft. It is also worth noting that this month's Security Bulletins do not affect the new Windows 7 operating system.

Some Security Bulletins may be rated Critical by Microsoft, but only impact platforms or applications you don't use so they don't pose much threat to your system. Others may be exploited by worms, or with unauthorized drive-by malicious downloads like Security Bulletin MS09-065.

According to Tyler Reguly, Lead Security Research Engineer with nCircle, says "There's no question that this month, the most important bulletin to patch quickly is MS09-065. Given the drive-by attack vector presented in Internet Explorer, combined with the Office document vector, this bulletin is dangerous and should be patched as soon as possible."

Small and medium businesses are often between a rock and a hard place when it comes to security flaws and updates. They tend to have a more diverse collection of hardware and software than consumers, but they also have to balance patching against business needs and ensure that software updates don't break applications or impact productivity.

Reguly notes "In general with SMBs, operation of the company usually seems to trump security in a big way. It's important that they remember that security is important and apply the more serious patches as quickly as possible, and roll out the remainder as soon as possible."

One issue that plagues small and medium businesses is reliance on legacy software. They don't have the budgets and enterprise licensing agreements that larger enterprises have, so they try to squeeze out every last drop of usability from an operating system or application before investing in upgrades.

"I have seen many SMB's that are still running Microsoft Small Business Server 2000 (SBS). I've seen setups where the SBS is sitting open on the internet-- these entities are affected by both the license logging service and active directory vulnerabilities (MS09-064 and MS09-066) and should probably apply the patches as soon as possible. We can always be hopeful that in 2009 few people are still running SBS 2000 but I'm sure it's still out there" says Reguly.

User education and awareness training are also critical components of mitigating against these threats. Pending the testing and implementation of the necessary patches, SMB's can prevent exploits by making sure that employees know what to avoid and how to exercise some common sense.

Reguly summarized by stating "Many enterprises have implemented training programs, but in the SMB I'm not sure that it's overly common. Ensuring users know to ignore unsolicited attachments and avoid sketchy websites is an important thing for a SMB Sys Admin to convey."

For more real-world tech solutions for small and midsized businesses--including cloud services, virtualization, and complete network overhauls--check out PC World's Tech Audit.

Tony Bradley tweets as @PCSecurityNews, and can be contacted at his Facebook page.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftPatch Tuesday

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?