February Patch Tuesday forecast: Key updates to act on

[Free CISSP Exam Study Guide] Get expert advice that will help you pass the CISSP exam: sample questions, summaries of all 8 CISSP domains and more!

February Patch Tuesday forecastLove is in the air! Can’t you feel it? This Patch Tuesday falls the day before the most romantic day of the year – Valentine’s Day!

We’ve been hearing just how much love our fellow security administrators have been shown by both their bosses and their users as a result of the Spectre and Meltdown vulnerabilities.

First Microsoft released a series of patches in early January to mitigate the issue. And then AMD released their firmware updates only to introduce BSODs on some of their older chip sets. And to top it off, the patches for Windows servers require an additional step to enable and the patches conflicted with AV products whose vendors also scrambled to provide definition updates.

Since when did these relationships become so complicated? You can see why our bosses and users just love us as we explain this all to them.

With this recent crisis behind us, it may be a good time to take a look at how well your communication process worked this past month. We all know that on a month-to-month basis there is not a lot of important patch information we need to convey up to management or down to our users. However, when hot topics like Spectre and Meltdown hit the news it is critical to keep everyone informed.

We don’t need to convey the minute details about the vulnerabilities or the mitigations, but we do need to let them know we are aware of the problem and implementing a fix. This will keep most of your fellow employees happy, and you can provide the appropriate level of detail for the remainder of the staff, as needed.

Assess how much ‘love’ you received from your management and users during this latest ’emergency,’ and consider how you might refine your communications methods, as appropriate. Keeping everyone informed (as necessary) is good for all.

On a positive note, the dust is finally settling, and all the vendors involved seem to have a handle on the situation. We are expecting this Patch Tuesday to be much calmer than last month. So seriously, make that Valentine’s Day dinner reservation and enjoy some quality time with your spouse or significant other. You deserve it!

February forecast

  • Adobe released a new Flash update as APSB18-03 in response to an exploited vulnerability, so we may not see anything new this Tuesday.
  • We are expecting the usual Microsoft OS updates this month. They will include the latest Flash update.
  • Google just released their latest Chrome patch last week, but you never know what might show up.
  • Mozilla released an update for Firefox recently, so probably nothing new is coming from them.
  • It’s been three months since the last Acrobat/Reader security bulletin, so a quarterly release for that may show up.