Microsoft released two security updates addressing one Critical vulnerability in Microsoft Windows and two Important vulnerabilities in Microsoft Office.
MS11-035 (Windows) is the top priority bulletin this month, and as always, Microsoft recommends that customers test and deploy both bulletins as soon as possible.
Wolfgang Kandek, Qualys CTO, comments: “The two patches released today came with the new and improved exploitability index rating that was announced by Microsoft last week. The original exploitability index is now split into a rating for the most recent version of the software, and an aggregate rating for all older versions. For example in MS11-036, which is an Office bulletin, the latest versions, both Office 2010 and Office 2011 for Mac were not affected. Therefore the exploitability rating for the latest version is ‘Not Affected’ and for older platforms is 2. This new system more accurately reflects risk to customers that keep their environments updated with the latest product releases.”
To learn more about patching challenges and techniques read our interview with Wolfgang Kandek, where he offers his extensive knowledge on the subject.