Patch Tuesday

Le « Patch Tuesday » existe depuis des années, mais on insiste trop sur les mises à jour Microsoft. Il est plus difficile que jamais pour le département IT de sécuriser l’environnement des utilisateurs.

La plupart des vulnérabilités sont identifiées et résolues par les fournisseurs et le département IT doit autoriser davantage de logiciels dans les environnements pour satisfaire les utilisateurs. Il ne suffit plus de mettre à jour les systèmes d'exploitation et les applications Microsoft. Nous utilisons des environnements hétérogènes, et Mac OS X côtoie des applications Adobe, Oracle, Google, Mozilla, Citrix et celles de nombreux autres fournisseurs dans les réseaux actuels. Cela rend la gestion des vulnérabilités particulièrement complexe. Ivanti va au-delà des correctifs d'application. Il vous apporte les conseils nécessaires pour trier la masse des mises à jour disponibles chaque mois. Vous pouvez ainsi déterminer les éléments qui nécessitent votre attention en priorité.

Consultez les analyses en amont sur notre blog Ivanti, qui résume les mises à jour dès leur publication. Rejoignez ensuite Chris Goettl, expert du domaine, pour le webinar « Patch Tuesday », qui présentera en détail chacun des posts publiés et vous fournira des conseils concernant les risques associés aux vulnérabilités nouvellement identifiées.

À venir

octobre 2017 (11 octobre)
Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.

Précédent

septembre 2017 (13 septembre)

If Equifax andThe Shadow Brokers were any indication, September Patch Tuesday drives home the fact that security concerns are alive and well this month. There are some Win10 public disclosures to attend to, and plenty of other Critical updates to go around—so let the update party commence! Plus, this month’s zero day serves as a reminder to limit admin rights in your environment as well.

août 2017 (9 août)

August Patch Tuesday continues the trend of providing some time to get your house in order. Don't let the number of Critical updates fool you: most are expected. You can take those on and attend to some of the revenue-generating business goals waiting in the wings. With no exploits in sight, you might even find yourself whistling while you go about your day. 

juillet 2017 (12 juillet)

May and June brought tornadoes of weaponized malware, but we appear to have blue skies in Kansas again for July Patch Tuesday. Don't get too comfortable, though. If history is any indication, we're in the eye of the cyber threat storm. So, use the downtime wisely: fewer updates today mean you can really focus on the public disclosures to get your house in order before the winds start picking up. 

juin 2017 (14 juin)

Relative calm may have seemed the forecast for June Patch Tuesday, but it turns out we were in the eye of the storm. Adobe came aboard with a critical update. But more to the point, a red sky appeared this morning with a newly exploited SMB vulnerability, and Microsoft is plugging that hole in its boat today. It’s also taken the recent onslaught of attacks as a missive to review legacy software and release additional updates. It’s all hands on deck today for those still relying on older systems.

mai 2017 (10 mai)

There’s no fix today for Microsoft’s new “crazy bad” vulnerability in the Malware Protection Engine. Stay tuned and stay vigilant—while you tackle what May Patch Tuesday does have to offer. Top of mind should be the updates that patch exploited vulnerabilities as well as the Flash Player update. And in this second month since Microsoft nixed security bulletins, you’ll see we’re making tweaks to our approach to keep updates organized and easy to reference.

avril 2017 (11 avril)

Given last month’s torrential patch downpour, April Patch Tuesday was bound to make a quieter entrance-but that doesn’t mean that it sprinkled. Anything but, in fact. The list includes swan song security updates for one Windows OS and the first of many for another. And speaking of Vista: patch away, then deal with the aging software you can no longer patch. This month’s IIS 6.0 Zero Day underlines the need for continued vigilance.

mars 2017 (15 mars)

March Patch Tuesday certainly came in like a lion, with Microsoft releasing two months of updates at once. February’s SMB Zero Day disclosure made its entrance this month, IE updates struck out on their own, and those are far from the only bulletins to take the March Patch Tuesday stage. Rumors of the demise of Patch Tuesday Security bulletins have been greatly exaggerated.

janvier 2017 (10 janvier)

January has ushered in a new year of Patch Tuesdays with a manageable number of updates and no exploits or Zero Day vulnerabilities. This could be the calm before the storm. This is the lightest Patch Tuesday since January 2014. Next month you should expect some adjustments and more updates as Microsoft changes methodologies. This is also the last Patch Tuesday where Microsoft will use Security Bulletins.

décembre 2016 (13 décembre)

December Patch Tuesday has a flurry of exploits and public disclosures. Coming in to Patch Tuesday we already had one Zero Day from Mozilla (CVE-2016-9079), which updated on November 30th. Today Adobe released 9 bulletins, including a Critical update for Adobe Flash that resolves a Zero Day (CVE-2016-7892). And Microsoft is updating Flash for IE and resolving 5 publicly disclosed vulnerabilities.

novembre 2016 (8 novembre)

While the results of today’s US presidential election may be out of your hands, you can still impact the outcome of Patch Tuesday on your environment. You can’t buy votes for your favorite candidate, but you can buy yourself some time by implementing privilege management and application control. Reduce the risk of threats that could target your users before patches get applied.

octobre 2016 (11 octobre)

 

After several months with no zero day disclosures, October Patch Tuesday brings updates for four vulnerabilities already exploited in the wild. Beginning this month, Microsoft and Adobe are also changing how they distribute their updates, which may impact how you can access the patches. Finally, we are expecting a Google Chrome release today and Oracle’s Quarterly CPU next week, so plan on updates for Java JRE and many other Oracle solutions.

septembre 2016 (13 septembre)

This month's Patch Tuesday includes several critical updates that address vulnerabilities targeting end users, all of which should be considered top priorities. Both Adobe and Microsoft also released critical updates for Flash Player. September 2016 will be the final Patch Tuesday on the old servicing model. Starting in October, Microsoft has announced a change to the servicing models for all pre-Windows 10 operating systems.

août 2016 (9 août)

Google and Mozilla both released their critical updates last week, and there is plenty more to think about from Microsoft. This month, all five of the Critical bulletins from Microsoft addressed user-targeted vulnerabilities.  If you haven't already, it may be time to consider adding privilege management as extra protection against these kinds of threats. Finally, if you are looking at the most recent Windows 10 update, you might want to hold off for a bit.

juillet 2016 (12 juillet)

Even though there are no Zero Day vulnerabilities, July's Patch Tuesday is far from boring. Several of the vulnerabilities are user-targeted and could be mitigated with proper privilege management - a good reminder of the value of a layered security defense in protecting against both unknown and currently unpatched vulnerabilities.

juin 2016 (14 juin)

It is raining in the UK and Adobe Flash Player has a zero day. Neither of these events are all that surprising. CVE-2016-4171 was observed in limited, targeted attacks by members of Kaspersky Lab. Adobe has announced an imminent release of Adobe Flash Player as early as Thursday June 16 to add to Microsoft's 16 bulletins.

mai 2016 (10 mai)

Patch Tuesday has a few juicy surprises for us. One vulnerability being exploited in the wild affects both Internet Explorer and Windows, and two public disclosures will raise concerns with Internet Explorer and .Net Framework.  We also have a Zero Day in Flash Player.

avril 2016 (12 avril)

Leading up to April Patch Tuesday has been like the weather forecast with the stormy hype around the Badlock vulnerability that affects Samba and Windows. With Badlock, instead of rain, the reality is partly cloudy. There are eight total CVEs relatived to Badlock; only one affects Windows (MS16-047). The other 12 bulletins from Microsoft and updates from Adobe and Oracle should be the focus for this month.

mars 2016 (8 mars)

March Patch Tuesday brings lots of updates, but no public disclosures or exploited vulnerabilities -yet. The Microsoft updates tackle social engineering threats, addressing vulnerabilities the IE and Edge browsers and Windows, where users might be convinced to open specially crafted web content, files and media.

février 2016 (9 février)

February Patch Tuesday started a bit early with Oracle releasing an out-of-band update for Java to resolve a critical vulnerability that allows DLL Hijacking. Microsoft has released 13 bulletins, six of which are critical, resolving a total of 42 vulnerabilities. Of the vulnerabilities being resolved, two have been publicly disclosed. We also have releases from Adobe for Flash and Photoshop, Mozilla for Firefox, and Google is expected to release a Chrome udpate with security fixes and support for the latest Flash Plug-In.

janvier 2016 (12 janvier)

Microsoft has released 12 bulletins, nine of which are critical, resolving a total of 71 vulnerabilities. Adobe released a whopper of a Flash update resolving 78 vulnerabilities.  Google Chrome is dropping today as well. Aside from an update for the Flash Player plug-in and its 78 security fixes, there are reportedly security fixes coming for the browser as well.

Aucun résultat trouvé