Patch Tuesday: Microsoft Releases Four Critical Updates

Microsoft released a new round of updates for a variety of products and platforms on Patch Tuesday this week, prefaced by a reminder that support for Windows XP and Office 2003 will end in April 2014. While Microsoft's efforts to get businesses moving off of Office 2003 and Windows XP may have occasionally come across as a bit ham-fisted and desperate at times, the point is a valid one: Windows 7 is the most secure Microsoft client OS ever, and anyone who can afford to make the move should seriously consider it.

This round of updates is headlined by four critical updates, including two that are drawing the most attention: a significant set of updates to Internet Explorer (MS12-023) and one for the MSCOMCTL.OCX ActiveX control (MS12-027). The former patches a set of vulnerabilities that could "allow a third party to gain the same user rights as the current user," while the latter prevents remote code execution if an un-patched web surfer visits a site that contains "specially crafted content designed to exploit the vulnerability."

In addition to all the patches being offered by Microsoft, the current IT landscape also requires that admins make sure that software from vendors other than Microsoft remain patches and updated as well. "Knowledge truly is power, and admins really need to review the available patch and security information [from key software vendors] on a regular basis," says Jason Miller, VMware's Manager of Research and Development. "It's very important, if not critical, to keep tabs on what companies like Adobe are also doing.

Miller also stressed that administrators need to take a proactive posture when it comes to security, and not just rely on reactive solutions like anti-virus software and software updates. Miller suggested that admins would be well-advised to pay attention to what he called the "sweet spot" of IT security, which includes using a good anti-virus solution, configuration management, patch management, and an updated firewall solution.

For more information, check out Miller's overview of this week's Patch Tuesday and the Microsoft Security Response Center (MSRC) blog.

Have you deployed this week's updates from Microsoft? Share your thoughts by adding a comment to this blog post or contributing to the discussion on Twitter.