Page 2 of 2
Remaining patches are listed as "important" and close vulnerabilities in SQL Server, Microsoft Works, Kerberos and SharePoint. Two of the bulletins address additional concerns such as HTML sanitization and a vulnerability in the Windows kernel that could enable elevation of privilege.
"Look at the products that are being patched and then prioritize based on what's running on your network," advised VMware's Miller. "If you're a heavy SQL user, you could easily be vulnerable to a cross-site scripting attack, so that might be one that you move to the front of the line."
According to Paul Henry, security and forensic analyst at Lumension, Microsoft appears to be making headway in its ongoing drive to enhance OS security. He ties this improvement to the company's Secure Coding efforts.
"If you look at the numbers, last year at this time we had well over 80 patches; this year to date, we are at 70. So, that's a nice drop overall," he said. "Critical issues plaguing their operating systems seem to have dropped off. I hope it's not just a skew in the numbers.
"Shortly after XP, Microsoft really started to drill down hard on security," he continued. "They went overboard in many respects with Vista, and it began to impact user experience. So, they backed up and regrouped with Windows 7, which is really Vista Two. So, it looks like they're getting their ducks in a row."