Light September Patch Tuesday gives 'false sense of security'

September's Patch Tuesday will not include any "critical" security fixes and, thus, will be a relatively light month, according to Microsoft.

To that end, the five items on this month's slate are all labeled "important."

Windows, Microsoft Office and Microsoft Server and related components are among the programs that will be touched this month. Three of these items are remote code execution considerations and the remaining will relate to elevation-of-privilege risks in the functionality of applicable products and services.

All items may require restarts.

"It's easy for organizations to gain a false sense of security during a light patch month and sometimes an attitude of complacency towards non-critical vulnerabilities is evident" said Marcus Carey, security researcher from Rapid7, speaking on this month's light offering. "But while there are no 'critical' bulletins this month, organizations should not downplay the vulnerabilities being addressed. I know of organizations that have 30-day patch requirements for 'critical' -- which is too long in my opinion -- and up to three months to patch 'important' and below."

About the Author

Jabulani Leffall is a journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected