IT'S THAT time of the month again when security patches and their weight make themselves known to you and your systems.
You know the score. You get a mixed bag of things to patch and mend courtesy of Oracle, Microsoft and others. February is no different, and the Microsoft Security Bulletin for February 2016 is out.
This month's package isn't as bad as the one before it, when there were a lot of serious vulnerabilities to deal with, but it still ought to go close to the top of your to-do list for today. Microsoft notes that all versions of Windows are affected, and says that users of Windows Vista and later, including Windows 10, need to get patching immediately.
Wolfgang Kandek, CTO at security firm Qualys, loves a good Microsoft security bulletin. He said that Patch Tuesdays have gone downhill since January, but that you ought to be getting on with it by now.
"We are back to normal numbers on Patch Tuesday. After a light start with nine bulletins in January we are getting 12 bulletins (five critical) in February, which is in line with the average count for last year of 12.25 a month. Actually it is 13, but the last one this month, MS16-022, is more of a packaging change," he said.
"It concerns Adobe Flash, a software package where updating has already been handled by Microsoft for the last three and a half years in the Internet Explorer 10 and 11 browsers.
"The highest priority item is MS16-022, which contains fixes for 22 vulnerabilities for Adobe Flash, all of them rated as 'critical' and capable of handing the attacker complete control over the target machine."
The Flash business was also praised by Tyler Reguly, manager of software development at Tripwire, who said that this is "one of the best changes" that February has to offer. In case you missed it, no-one likes Flash these days.
"One of the best changes this month is that Adobe Flash Player embedded in Microsoft IE and Edge has finally received its own bulletin. Previously, Microsoft updated the same Knowledge Base on a month-by-month basis with no defining elements," he said.
"This is a welcome change and hopefully bodes well for other areas where Microsoft continues to do this."
A large chunk of the Microsoft fixes provide protection against remote code execution (RCE) threats. One of these applies to Windows Journal, which has interested Craig Young, a security researcher at Tripwire.
"Today marks the 12th RCE bug Microsoft is patching in Windows Journal in just 10 months. This is particularly interesting because Windows Journal vulnerabilities were basically unheard of before 2015," he said.
"While the increased scrutiny of Windows Journal may be an indication of Microsoft's successes in the tablet space, it is important to remember that the flaw is not limited to tablets.
"In fact every piece of software installed on a computer adds to the potential attack surface even if that software is not frequently used." µ