Not for ostriches: Patch Tuesday Risk Analysis
By Davey Winder in Editorial
Posted in Blog, Security, Microsoft on
Has Patch Tuesday really been and gone again already? Oh lawdy yes, it has. Which means that you need to know the impact that those updates are going to have on your business. Indeed, I know of some folk who take a twisted ‘if it ain’t too broken don’t let a Microsoft fix break something else’ approach to patch management. Sorry, but that really is Ostrich Security in action if you ask me.
So, assuming your head is not buried in the sand, or firmly stuck somewhere else that I cannot mention in mixed company, what do you do about it? The answer is, of course, let someone else determine the risk and reward process of updating. Which is where those lovely chaps over at ChangeBASE enter the patch management equation. This ain’t no advert, so if you want to find out more about the application-cum-patch-management stuff it provides, go Google or visit the website.
Why I mention ChangeBASE at all is because they also issue Patch Tuesday application compatibility lab testing results, which can help determine just what impact quickly updating will have on your business. This month, so I am informed, the patches and updates fall into the ‘relatively light’ band.
“The updates MS08-055 and MS08-053 relate to Windows Media Player, which has a minimal impact on the operating system, and few applications have a direct dependency on Windows Media Player,” ChangeBASE told me, adding: “More importantly, MS08-052 includes an update to a core element of the operating system (GDIPLUS.DLL). This file is part of the graphics library for Windows XP. Several applications run through AOK can load a version of this file from their source media/download process when they are installed, and there is a danger that if this happens the installation will result in an out-of-date version of this file being loaded and overwriting the version in the patch update this month.”
ChangeBASE tested the following updates this month:
MS08-052: updates key components of Microsoft Messenger and Digital Imager
Impact: MS08-052 updates a core OS-level DLL that is responsible for the Windows XP/2000 graphics interface. A number of applications contain this file in their application installation routine, including Reuters Messaging, Microsoft Messenger, Macromedia Dreamweaver and Microsoft Digital Image, which could cause application compatibility issues when these packages are deployed. In addition, a significant portion of our testing portfolio had a file-level dependency on this updated DLL.
MS08-053: Marginal impact and negligible testing profile
Impact: This update had a marginal impact on the AOK Workbench application package portfolio through direct file and configuration overlaps with the update payload and the portfolio packages.
MS08-054: Marginal impact and negligible testing profile
Impact: This update had a marginal impact on the AOK Workbench application package portfolio through direct file and configuration overlaps with the update payload and the portfolio packages.
MS08-055: Updates key Microsoft Office components - full application test required
Impact: This Microsoft security update, while not affecting a large portion of the AOK application portfolio, did directly affect a number of Microsoft application packages including Office 2003 (Standard and Professional), Microsoft Visual Basic, and Microsoft Project.
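The MS08-052 risk described above, application installers dropping their own out-of-date GDIPLUS.DLL, can be checked by inventorying every copy on a machine and comparing it with a copy you know came from the update. The script below is an added example, not ChangeBASE's or the author's code; the parameter names and the default scan root are assumptions.

```powershell
# Added example: list private copies of gdiplus.dll and compare each one
# with a known-patched reference copy. Parameter names and the default scan
# root are illustrative assumptions, not values from the article.
param(
    # A gdiplus.dll you have verified was installed by the MS08-052 update.
    [Parameter(Mandatory = $true)]
    [string]$ReferenceDll,

    # Directories where application installers may have placed their own copy.
    [string[]]$ScanRoots = @($env:ProgramFiles)
)

function Get-FileVersion {
    param([string]$Path)
    $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    # Build the version from the numeric parts; the FileVersion string can
    # carry extra text. A file with no version resource yields 0.0.0.0.
    New-Object System.Version -ArgumentList @(
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

# Resolve to a full path first: .NET does not follow PowerShell's location.
$baseline = Get-FileVersion -Path (Resolve-Path -LiteralPath $ReferenceDll).Path

Get-ChildItem -Path $ScanRoots -Filter 'gdiplus.dll' -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $version = Get-FileVersion -Path $_.FullName
        $status = if ($version -lt $baseline) {
            'OLDER than patched reference'
        } elseif ($version -eq $baseline) {
            'matches patched reference'
        } else {
            'newer than reference'
        }
        New-Object PSObject -Property @{
            Path          = $_.FullName
            FileVersion   = $version
            LastWriteTime = $_.LastWriteTime
            Status        = $status
        }
    } |
    Sort-Object FileVersion |
    Format-Table Path, FileVersion, LastWriteTime, Status -AutoSize
```

Copies reported as older are the packages to retest or repackage; running the script again after each application deployment shows whether an installer has put an old copy back.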

