Page 1 of 2
Microsoft has released its list of patches for the month of November, as the vendor always does on the second Tuesday of the month. The current edition includes six bulletins, four of which are rated as critical.
This month's tally brings the total number of patches for the year to 76. Wolfgang Kandek, CTO of Qualys, predicts that the total number for 2012 will be well below 100. This would represent fewer patches for this year then were issued in 2010 and 2011.
"The most important update is probably the one for Internet Explorer, but it's only Internet Explorer 9," he said. "If you use this browser, you need to apply the patch immediately, but our statistics show that not too many people in the enterprise are currently using Internet Explorer 9. Last time we looked was in August, and it was only used by about 10 percent of our customers."
According to Microsoft, there are no active exploits associated with the bug, yet it is important to get patched as soon as possible because the issuance of the patch will raise awareness among cyber criminals.
"It's like a broken record," said Jason Miller, manager of research and development at VMware. "Every time you see a browser update, you want to get to it right away. This one only impacts Internet Explorer 9, but as is the case with any browser, you want to get it updated as soon as possible.
Meanwhile, Kandek rates the patch for Excel as the second most important vulnerability on the list. "This is mostly because pretty much everyone has it installed." The vulnerability is only marked as "important" by Microsoft.
"I think it's only listed as important because it requires a number of steps on the part of the end user before the vulnerability becomes exploitable," said Paul Henry, security and forensic analyst at Lumension. "But if you're using Excel, it makes sense to put that in the queue once you've taken care of these larger vulnerabilities."