Small Business Susan

Migratin' over from SBSDiva

Home

There’s critical and then there’s critical.

On June 13, 2011, in Security, by

There’s critical and then there’s critical.

Next Tuesday 16 bulletins are going to be released and the first thing I do when the bulletins come out next Tuesday is see if there are icky ones I can wait/slide on.

Bulletin ID	Maximum Severity Rating and Vulnerability Impact	Restart Requirement	Affected Software
Bulletin 1	Critical Remote Code Execution	Requires restart	Microsoft Windows
Bulletin 2	Critical Remote Code Execution	May require restart	Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight
Bulletin 3	Critical Remote Code Execution	Requires restart	Microsoft Forefront Threat Management Gateway
Bulletin 4	Critical Remote Code Execution	Requires restart	Microsoft Windows
Bulletin 5	Critical Remote Code Execution	Requires restart	Microsoft Windows
Bulletin 6	Critical Remote Code Execution	Requires restart	Microsoft Windows
Bulletin 7	Critical Remote Code Execution	May require restart	Microsoft Windows, Microsoft .NET Framework
Bulletin 8	Critical Remote Code Execution	Requires restart	Microsoft Windows, Internet Explorer
Bulletin 9	Critical Remote Code Execution	May require restart	Microsoft Windows, Internet Explorer
Bulletin 10	Important Information Disclosure	May require restart	Microsoft Windows
Bulletin 11	Important Remote Code Execution	May require restart	Microsoft Office
Bulletin 12	Important Elevation of Privilege	Requires restart	Microsoft Windows
Bulletin 13	Important Denial of Service	Requires restart	Microsoft Windows
Bulletin 14	Important Denial of Service	Requires restart	Microsoft Windows
Bulletin 15	Important Information Disclosure	May require restart	Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio
Bulletin 16	Important Elevation of Privilege	May require restart	Microsoft Window

If it says Important, denial of service – information disclosure, I’m really reading to see if I really HAVE to install these this week.

SQL says Important – information disclosure. Heck I’ll bet a small firm discloses more information on Facebook. Granted I haven’t read the bulletin yet, but more often than not Microsoft’s idea of an important information disclosure item is an internal attack. For me that’s an HR issue, not an immediate patching event.

http://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx

Next Tuesday the patches will be released.

Be there. I’ll be giving my color commentary on what to patch and what to wait on as usual.