Record patch Tuesday: What you need to know

Microsoft is putting out 17 security bulletins, and IT admins have little time to apply the patches before the holidays

Today is the final Microsoft Patch Tuesday for 2010. It has been a busy year for Microsoft when it comes to security bulletins, and December is no exception as Microsoft closes out the year with a record 17 security bulletins. With only a week or so until many IT admins plan to kiss 2010 goodbye and break for the holidays, it is important to understand and prioritize the latest patches for quick implementation.

Joshua Talbot, security intelligence manager for Symantec Security Response breaks down the 2010 milestones for Microsoft. "Seventeen bulletins are the most ever issued in a single month. Also, Microsoft has now released 106 security bulletins in 2010--the first time topping the century mark since the Patch Tuesday program began. The next closest was 78 in 2006 and 2008. Finally, by Symantec's count Microsoft far surpassed the number of vulnerabilities patched in a single year with 261. The previous record was 170 set last year."

Depending on your perspective, 2010 either proves just how flawed and vulnerable Microsoft software is, or it illustrates how successful Microsoft has been at identifying and resolving vulnerabilities. I tend to side with the perspective that the software itself is not any more flawed than previous years--in fact possibly less--but that Microsoft has become more agile at addressing vulnerabilities as they are discovered.

A Microsoft spokesperson sent along some guidance. "Microsoft encourages customers to test and deploy all updates as soon as possible to help prevent criminal attacks on their computers."

Microsoft provides the Severity and Exploitability Index, as well as a Deployment Priority guide to help IT admins asses the risk and prioritize the updates. As a part of that guidance, Microsoft stresses that the two Critical security bulletins--MS10-090, the security bulletin addressing Internet Explorer vulnerabilities, and MS10-091, the security bulletin related to flaws in the Windows operating system--be given priority attention.

Andrew Storms, Director of Security Operations for nCircle, agrees with the urgency for the IE update. "The most important bug this month is clearly the IE update that includes a fix for the outstanding zero-day bug discovered in early November. With more and more people shopping online this time of year, it's important for everyone to patch their browsers."

"Many of the patches are deemed as "important," and a very low amount marked as "critical" vulnerabilities," said Dave Marcus, director of security research and communications at McAfee Labs. "It seems the majority of Patch Tuesday's are bringing record numbers of updates, and other applications from Adobe, Oracle have increasing numbers as well. The threat landscape is clearly broadening, and if organizations wait to patch, it gives cybercriminals an opportunity to exploit data."

A spokesperson for Webroot e-mailed me to stress that IT admins go the extra mile to test and implement patches as quickly as possible before taking off for the holidays. "People should apply the patches as soon as they can to remain fully protected against malware. It doesn't take exploit kit creators long to build new exploits once patches have been released, so getting the fixes applied before new exploits hit the net is going to be a race against time."

Webroot also points out that most of the patches require a reboot to complete, and that systems that update while users are away over the holidays could be at risk of losing data in open files on the desktop. Webroot suggests, "People might want to either fully power down a work PC if you're going to be away from the office or at least save all your work and close any open apps so you don't lose anything when Windows Update tries to force the PC to reboot during the patch installation."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityMicrosoftnetwork securityfirewallspatches & drivers

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments



Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?