‘May Day, May Day’: Microsoft scrambles to plug critical holes

No time for IT admins to stop and smell these May flowers
No time for IT admins to stop and smell these May flowers

The four other security bulletins are rated “important”. In all, 23 security bugs will be squashed in Microsoft’s Patch Tuesday update.

“The disruptive restarts and the wide range of platforms impacted by this month’s bulletins will have IT teams scrambling to accomplish their flaw remediation tasks. With the workload from Oracle and now the bulletins expected from Microsoft many will unfortunately not get a break”, commented Paul Henry, security and forensic analyst for Lumension.

“Pending the official release from Microsoft on Tuesday, of greatest concern this Patch Tuesday period are Critical Bulletins 2 & 3, which impact both legacy and current generation operating systems”, he added.

Wolfgang Kandek, chief technology officer with Qualys, agrees that the critical bulletins should receive IT administrators’ attention. “The three critical bulletins provide fixes for Microsoft Office, Silverlight and .NET, with Bulletin 2 actually impacting all three products. These bulletins will be highest priority for IT admins, especially Bulletin 1, which has critical rating for Office 2003 and 2007 which we do not see all that often. Bulletin 1 also affects Office for the Macintosh, but is rated only important on that platform.”

Andrew Storm, director of security operations for nCircle, noted that Microsoft has squashed more security bugs this year than last year at this time. “CVEs correspond to the number of bugs fixed, and this year Microsoft is on a CVE streak. With the 23 CVEs in May’s patch, Microsoft’s CVE count has already reached 70 for 2012. This time last year Microsoft issued just 59 CVEs.”

What’s Hot on Infosecurity Magazine?