6 zero-days make this a ‘Patch Now’ Patch Tuesday


Microsoft this week pushed out 50 updates to fix vulnerabilities across both the Windows and Office ecosystems. The good news is that there are no Adobe or Exchange Server updates this month. The bad news is that there are fixes for six zero-day exploits, including a critical update to the core web rendering (MSHTML) component for Windows. We’ve added this month’s Windows updates to our “Patch Now” schedule, while the Microsoft Office and development platform updates can be deployed under their standard release regimes. Updates also include changes to Microsoft Hyper-V, the cryptographic libraries and Windows DCOM, all of which require some testing before deployment.

You can find this information summarized in our infographic.

Key testing scenarios

There are no reported high-risk changes to the Windows platform this month. For this patch cycle, we divided our testing guide into two sections:

Changes to Microsoft OLE and DCOM components are the most technically challenging and require the most business expertise to debug and deploy. DCOM services are not easy to build and can be difficult to maintain. As a result, they are not the first choice for most enterprises to develop in-house.

If there is a DCOM server (or service) within your IT group, it means it has to be there — and some core business element will depend on it. To manage the risks of this June update, I recommend that you have your list of applications with DCOM components ready, that you have two builds (pre- and post-update) ready for a side-by-side comparison and enough time to fully test and update your code base if need be.

Known issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in this update cycle. Here are a few key issues that relate to the latest builds from Microsoft, including:

Copyright © 2021 IDG Communications, Inc.



Source link