14 DAY TRIAL // This September has been a slow and quiet month for Microsoft in terms of the sheer volume of vulnerabilities affecting its product, as well as the security patches it has to issue in order to address the flaws. The Redmond company issued a number of just four security bulletins this month patching Windows, Visual Studio, the Windows Live Messenger and MSN Messenger instant messaging clients and the Services for UNIX and the Subsystem for UNIX-based Applications. Out of the four vulnerabilities across these products, only one was rated with a severity level of Critical, the flaw impacting Windows 2000.
Still, just because September saw no real action on the vulnerabilities and patch front, it doesn't necessary mean that it will turn into a trend for Microsoft. Quite the other way around as a matter of fact. Monty Ijzerman, senior manager at McAfee Avert Labs, warned of an escalation of vulnerabilities in Microsoft's software products this fall. Access the graphic at the bottom, provided by Ijzerman in order to get an idea of what awaits you next month. In September, Microsoft has been timid to say the least, with the number of security updates released, but this is nothing else than the calm before the storm.
In September, "Microsoft patched four vulnerabilities. You will have no choice other than to accept the patch for the vulnerability in MSN Messenger since the service is not available otherwise. This particular vulnerability was disclosed back in January so attackers did have time to exploit it but we never became aware of any active exploitation.Of the remaining three vulnerabilities, the one in the Windows Agent is rated critical but only affects Windows 2000 SP4. The other two vulnerabilities, both rated important, relate to a Crystal Reports component in Visual Studio and to Windows Services for Unix. Think this month was boring? Traditionally the month of September contains fewer patches to be followed by an up tick in the Fall so stay prepared!", Ijzerman revealed.
And tradition is just the right term to describe the situation. In September 2006, Microsoft also released just four security bulletins, two rated critical, one important and one moderate. But October of the past year brought with it a veritable fiesta of vulnerabilities and patches with six critical updates, one important, one moderate and one low. 2005 is even more illustrative of the tendency, with no bulletins available in September followed by October with three critical bulletins, four important and two moderate.
