This month’s Patch Tuesday is enormous. The good news? Few, if any, of these exploits are currently being exploited in the wild. The bad news? If history teaches us anything it is only a matter of time.
Microsoft released 14 patches covering 34 different vulnerabilities. The scary part of this is what I call the “sea of red”. The Microsoft Security Response Center publishes some very easy to understand infographics explaining the risk of exploitation and the priority you should assign to testing and deploying the fixes. This month most of the fixes are critical and priority 1.
Microsoft’s advice is prudent, and I would follow their guidance in applying these fixes. We should be cautious, but with the risk inherent in some of these flaws we need to act quickly.
It is important to note that simply because many of these flaws effect Windows 7, this should not be a condemnation of the OS or Microsoft’s Security Development Lifecycle (SDL). Windows 7 may be vulnerable to many issues, but it is without question the most secure Windows ever. Time is running out on long term plans to migrate from Windows XP. Windows 7 is still your best bet for a more secure desktop environment.