Light September Patch Tuesday gives 'false sense of security'
September's Patch Tuesday will not include any "critical" security fixes and, thus, will be a relatively light month, according to Microsoft.
To that end, the five items on this month's slate are all labeled "important."
Windows, Microsoft Office and Microsoft Server and related components are among the programs that will be touched this month. Three of these items are remote code execution considerations and the remaining will relate to elevation-of-privilege risks in the functionality of applicable products and services.
All items may require restarts.
"It's easy for organizations to gain a false sense of security during a light patch month and sometimes an attitude of complacency towards non-critical vulnerabilities is evident" said Marcus Carey, security researcher from Rapid7, speaking on this month's light offering. "But while there are no 'critical' bulletins this month, organizations should not downplay the vulnerabilities being addressed. I know of organizations that have 30-day patch requirements for 'critical' -- which is too long in my opinion -- and up to three months to patch 'important' and below."
Jabulani Leffall is a journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.