September 2012 Patch Tuesday Advance Notification
Last month during my monthly webinar about the August Patch Tuesday, I talked about the days of alternated light and heavy Patch Tuesdays being over. With the September 2012 Patch Tuesday Advance Notification, I am being proved wrong.
The following graph shows the number of security bulletins released by Microsoft since January 2011. The last time we have seen such a low number of security bulletins released by Microsoft on Patch Tuesday was all the way back in May 2011.
Next Tuesday, Microsoft is planning to release two security bulletins addressing two vulnerabilities.
Security Bulletin Breakdown:
- 2 bulletins are rated as Important
- 2 bulletins addressing vulnerabilities that could lead to Elevation of Privilege
Affected Products:
- Microsoft Visual Studio Team Foundation Server 2010
- Microsoft Systems Management Server 2003
- Microsoft System Center Configuration Manager 2007
The products affected this month are products that are not commonly installed on machines. So, this will give administrators time to get ready for the non-security update KB2661254.
I have documented the saga in regards to the digital certificate hardening effort by Microsoft. With the September October 2012 Patch Tuesday, Microsoft is going to mark the update as non-optional in their Windows Update and WSUS products. If administrators do not pay attention to the patches they approve for their machines, this patch will be deployed to their entire network. This patch could have hefty ramifications if not tested and deployed.
I also added a blog late last month talking about the implications of the non-security patch and System Center Updates Publisher (SCUP) installations. This blog posting shows the issue and solution. The blog posting is also a prime example of what could potentially happen with programs on administrator's networks if they do not properly investigate and test this patch.
I will be going over the September Patch Tuesday in detail in addition to any other non-Microsoft releases since the last Patch Tuesday in our Monthly Patch Tuesday webinar. As this is an extremely light month in terms of Microsoft security bulletins, I will be spending some time talking about non-security update KB2661254. This webinar is scheduled for next Wednesday, September 12th at 11:00am CT. You can register for this webinar here.
- Jason Miller