September’s Patch Day Looks Tame (But Watch Out for October)

Yay! After months of relatively busy Microsoft Patch Days, we finally get a light one. This month, you can expect only two bulletins from Microsoft, and neither of them is Critical.

According to the September advanced notification post, Microsoft plans to release two security bulletins next Tuesday, affecting Visual FoxPro and Microsoft System Center Configuration Manager. Microsoft only rates the bulletins as Important.

While this month’s Patch Day looks a breeze, you need to be aware of the upcoming Patch Day in October. According to a Microsoft Trustworthy Computing (TWC) blog post, October’s Patch Day will include a significant change in the way Microsoft software handles digital certificates. In a June Security Advisory, Microsoft released an optional update that forces Windows platforms to only use digital certificates with keys of 1024 bits or higher; thereby increasing the security strength of their PKI. They plan to push this update out to all customers in October.

During the time you save updating this month, I recommend you review your certificate infrastructure to ensure you are using certificates with 1024 bits or more. If you find any certificates that don’t qualify, you can reissue them before October. Otherwise, you may want to use Microsoft’s patch management software to block one of their October updates, and prevent any certificate problems.

Despite the light September Patch Day, I still recommend you download and install any patches that apply to you.  I’ll know more about Microsoft’s updates on Tuesday the 11th, and will post detailed information about them here. — Corey Nachreiner, CISSP (@SecAdept)

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

4 Responses to “September’s Patch Day Looks Tame (But Watch Out for October)”

  1. Some were practical, of course, but others were psychological and emotional.

    Popular prizes include sports tickets, cash and vouchers for drinks, food –
    and dollars off of tabs. Theme Format: It is almost like standard format
    of the pub quiz.

Trackbacks/Pingbacks

  1. WatchGuard Security Week in Review: Episode 32 – UDID Leaks and Java Updates | WatchGuard Security Center - September 7, 2012

    [...] Microsoft patch Notification for September – WatchGuard Security Center [...]

  2. Light Patch Tuesday Brings Two XSS Fixes | WatchGuard Security Center - September 11, 2012

    [...] I mentioned in last week’s early warning, today’s Patch Day is extremely light with only two updates. According to their September [...]

  3. Seven Bulletins Planned for October Patch Tuesday | WatchGuard Security Center - October 5, 2012

    [...] don’t forget Microsoft’s planned certificate handling update. As I mentioned in previous posts, Microsoft plans to push an update that forces Windows computers to only accepts 1024 bit (and [...]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 7,560 other followers

%d bloggers like this: