A Techie in Utah

July 16, 2006

PowerPoint Flaw

Filed under: Patch Management — techieinutah @ 7:45 pm

There has been some news lately about several Excel issues, and now it is PowerPoint’s turn in the spotlight. I hadn’t really sat back and thought about the Office exploits very much; I just sort of assumed it was business as usual (which is a sad statement in itself), but then I saw this short news story…

As Security Fix and others have noted, some of the work Microsoft has done in hardening the security of the Windows operating system has forced the bad guys to look for lower-hanging fruit in applications that run on top of Windows, so we may see more Office flaws under attack.

That makes total sense: before, the OS was the easiest place for people to attack the system, but now that Microsoft is starting to pay attention to the OS holes, the people looking to attack your machines are just moving on to another MS product.

Of course I like the small mention at the end of the story about OpenOffice.

June 15, 2006

I forgot about Patch Tuesday

Filed under: Patch Management — techieinutah @ 9:48 pm

I was traveling on Tuesday and forgot all about one of the IT world's best days… Microsoft Patch Tuesday. That once-a-month event that we all live for – NOT.

This turned out to be a pretty big release….

Microsoft released a slew of patches to fix eight "critical" security flaws in Windows and Microsoft Office. The patches released yesterday mark the biggest security update from Microsoft since February 2005.

The good news is only 8 out of the 13 are critical; there is a relief. One of them is for the zero-day Word vulnerability.

Searchwinit has a good summary.

May 15, 2006

Microsoft Patching 3rd Party Applications

Filed under: Patch Management — techieinutah @ 1:34 am

This story on Information Week about Microsoft patching 3rd party applications was new to me. According to another story, Microsoft pushed out a patch to Adobe Flash on Tuesday last week, the first time it has patched a product other than its own.

What does this mean for other patching tools? One of the strengths of a product like PatchLink is that it does more than just patch Microsoft; it provides updates/patches for dozens of other products – including Adobe and Macromedia.

What is Microsoft planning on doing?

  • Are they going to only patch specific applications from 'preferred' software vendors?
  • Are they going to patch all of the applications on a machine?
  • Are they only going to patch applications on an ad-hoc basis?

I think this opens some other questions:

  • Do we trust Microsoft to patch other applications? They have enough problems with their own products.
  • How is Microsoft going to choose what applications to patch? People already have a hard enough time keeping their system up to date; now they are going to have to figure out which applications Microsoft takes care of and which ones it doesn't.
  • While this might be a good thing for home users, how is this going to impact enterprise customers? Microsoft doesn't have the best tools for managing their own patches at the moment, so how are they going to allow corporate customers to manage 3rd party applications?

Like the story asks… "Is this a move to take more accountability of bundled, partnered products in Windows?"
