After the recent out-of-band release of patch MS08-67 by Microsoft, the software giant has again released it MS08-78 out-of-band patch.

The patch is tagged as critical and affects Internet Explorer from 5.1 to 7 version. There are a few mitigating factors but I strongly feel that atleast desktop users or systems which is used to surf internet should apply the released patch. Work-around either wouldn’t work in few cases or attackers would come up with a way to bypass this work-around. Read more »

Wow!! Jumbo patch released by Microsoft after a long time (5 years). Out of these 28 patches, 23 of them have been rated Critical, 3 have been rated important and two as moderate. The patches were issued in eight updates for Windows, Internet Explorer, Office, SharePoint, Windows Media, and popular development tools, Visual Basic and Visual Studio.

So these has to be in top to-do lists of security consultants. So one more reason to work or say drive the clients to work to patch.

Read more »

Well as the long name goes, Microsoft has released an article that will help users understand their Exploitability Index. The article briefly explains how to priotize applying released patched in enterprise environment. Depending on the criticality of released patches and their likelyhood of being exploited, application of patches can be accordingly priotized.

Nicely explained with examples, it will be handy for customers.