Light MS Patch Tuesday, but mobile security could pile on the pressure


Light MS Patch Tuesday, but mobile security could pile on the pressure

Warwick Ashford

Microsoft is expected to release only three security bulletins in their monthly Patch Tuesday security update on 8 March, according to the latest advance notification.

This is a relatively small update compared with February's 12 security bulletins addressing 22 vulnerabilities.

Only one of the March bulletins is rated as critical, with the other two rated important.

The critical update affects Windows XP, Vista and Windows 7, but Windows Server 2003 and Server 2008 are not affected.

One of the important updates affects all Windows operating systems. "We expect it to be for the MHTML Information Disclosure issue, which was left un-patched in last month's patch cycle," says Amol Sarwate, manager of the vulnerability research lab at security firm Qualys.

The remaining important update patches the little-known Office Groove 2007 software. There is nothing in the advance notice to suggest there will be a patch to address the recently exposed Internet Explorer zero-day vulnerability.

"Overall, we expect this month's Patch Tuesday to be easy for deployment for organisations and individuals," says Sarwate.

But, the light patch Tuesday will not necessarily mean a respite for businesses, says Alan Bentley, senior vice-president international at security firm Lumension.

"Although it might be a quieter month for Microsoft, Apple on the other hand has been busy, having released a patch to address more than 50 flaws with iTunes, which affects Apple's own products as well as Windows products," he says.

Mobile security is also coming into play, says Bentley. "DroidDream" malware attacked Android users, infecting an estimated 200,000 smartphones, with more than 50 applications affected and withdrawn as a result.

"The growing adoption of traditionally 'consumer' products from the likes of Apple by business users, and the establishment of the app stores on our handsets, we're going to see the threat implications that this may have on the enterprise becoming a bigger focus for business security," says Bentley.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy