October Wednesday Wrap-Up: Patch Tuesday in a Nutshell

The October 2010 Patch Tuesday was without a doubt record breaking. According to Dan Goodin of The Register, this is the largest number of bugs ever to be fixed in a single Patch Tuesday release. Almost 50 vulnerabilities were patched this month, emphasizing the importance for end-users worldwide to install updates as soon as they become available.

Although in previous posts we’ve explored the possibility of “up” and “down” months, it appears that since vulnerabilities are becoming public more quickly, we are likely to continue to see large batches of patches released each month.

The highlights for October

  • There were a total of 16 patches released this month, targeting 49 vulnerabilities.
  • Four of the patches are labeled as critical, all of which specifically target Microsoft Windows.
  • One of the critical patches addresses the .NET framework that has been discussed in the past.
  • Ten of the patches are labeled as important; the remaining two patches are labeled moderate.
  • MS10-071 addresses ten vulnerabilities in IE specifically, with an elevated threat that applies to IE 7 and 8 that run on Windows Vista or Windows 7.
  • Three of the bulletins address 34 of the total vulnerabilities.

Some other key points

This continued increase in the number of vulnerabilities addressed each Patch Tuesday leads one to wonder: by how much have we really exceeded previous years? Ryan Naraine points out just how many vulnerabilities have been patched this year in comparison to the previous three years:

  • 2010 - Total 86 security bulletins (as of October 13, 2010)
  • 2009 - Total 74 security bulletins
  • 2008 - Total 78 security bulletins
  • 2007 - Total 69 security bulletins

But that’s not all folks! Along with your Microsoft Patches, you’ll also get…

In addition to the incredible number of vulnerabilities patched this month, Mac users also found themselves under attack, as Apple recently released a security patch for a file-sharing issue in OS X. Oracle also released some critical updates, which contained 29 new security fixes across Java SE and Java for Business products. And we can all recall the Adobe patches released earlier this month that fixed 23 vulnerabilities.

It’s a fair assumption to make, especially as we move toward the holidays and online shoppers take advantage of the accessibility of the Web for gift purchases, that we may see an increase in the number of vulnerabilities identified in Web browsers over the next few months. Unfortunately, it’s likely these vulnerabilities will become known to us through various attack methods.

As we enter the holiday season, what do you think we’ll begin to encounter? Anything new? Or just more of the same?

Tags: .NET framework, Adobe, Apple, critical patches, elevated threat, Internet Explorer, Microsoft, Oracle, Patch Tuesday, vulnerabilities

Posted by Kristin Forte Allaben on October 14, 2010 at 11:48 AM