News

Light MS Patch Tuesday, but mobile security could pile on the pressure

Microsoft is expected to release only three security bulletins in their monthly Patch Tuesday security update on 8 March, according to the latest advance notification.

This is a relatively small update compared with February's 12 security bulletins addressing 22 vulnerabilities.

Only one of the March bulletins is rated as critical, with the other two rated important.

The critical update affects Windows XP, Vista and Windows 7, but Windows Server 2003 and Server 2008 are not affected.

One of the important updates affects all Windows operating systems. "We expect it to be for the MHTML Information Disclosure issue, which was left un-patched in last month's patch cycle," says Amol Sarwate, manager of the vulnerability research lab at security firm Qualys.

The remaining important update patches the little-known Office Groove 2007 software. There is nothing in the advance notice to suggest there will be a patch to address the recently exposed Internet Explorer zero-day vulnerability.

"Overall, we expect this month's Patch Tuesday to be easy for deployment for organisations and individuals," says Sarwate.

But, the light patch Tuesday will not necessarily mean a respite for businesses, says Alan Bentley, senior vice-president international at security firm Lumension.

"Although it might be a quieter month for Microsoft, Apple on the other hand has been busy, having released a patch to address more than 50 flaws with iTunes, which affects Apple's own products as well as Windows products," he says.

Mobile security is also coming into play, says Bentley. "DroidDream" malware attacked Android users, infecting an estimated 200,000 smartphones, with more than 50 applications affected and withdrawn as a result.

"The growing adoption of traditionally 'consumer' products from the likes of Apple by business users, and the establishment of the app stores on our handsets, we're going to see the threat implications that this may have on the enterprise becoming a bigger focus for business security," says Bentley.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy