Patch Tuesday gives administrators breathing space

gallery

The relatively low number of patches rolled out by Microsoft yesterday has given stressed IT administrators more time for other urgent work, according to industry commentators.

As reported by IT PRO, four fixes were pushed out as part of Microsoft's monthly Patch Tuesday to patch up holes in Windows 2000 SP4, Visual Studio, Messenger and Windows Services for Unix. This compared with nine patches the previous month.

Experts said that IT administrators would be able this month to get on with other work.

"This relatively light Patch Tuesday schedule should provide IT administrators some breathing room to update network inventories, address backlogged vulnerabilities, classify assets, prioritise risk, and measure recent response times for patch implementation," said Alan Bentley, Regional vice president of Lumension Security (formerly PatchLink).

Other experts said that the Microsoft Agent ActiveX control bug affecting Windows 2000 was a sign of a significant increase in ActiveX vulnerabilities.

"Attackers are targeting trusted web brands, such as social networking sites, and then waiting for their victims to come to them so they can exploit the vulnerability and gain access to the individual's computer," said Kevin Hogan, senior manager at Symantec Security Response.

"Due to the availability of public proof-of-concept code, we also think the MSN Messenger and Windows Live Messenger vulnerability is a high urgency issue."

Ben Greenbaum, a security researcher at Symantec Security Response said that from the perspective of an affected user, "the knowledge that they could have upgraded some time ago may not be much solace."

He said that he fully expected more ActiveX vulnerabilities to come out into the open this year.

Email to a friend

Print this page