Alan Bentley, Managing Director of PatchLink EMEA comments: Microsoft is planning to issue three critical fixes (2 Security Updates for Windows, 1 Security Update for Exchange), which may require a restart. In order to maintain business continuity and provide ongoing protection across the enterprise, IT administrators need to carefully complete a thorough and accurate inventory of their IT assets and prioritise the patching process.
IT administrators need to test the critical patches in their respective environments to ensure there are no disruptions before deploying them across the entire network.
Organisations that have got to grips with Patch Tuesday should not be lulled into a false sense of security as the number of non-Microsoft vulnerabilities is growing. Ninety-six out of the one-hundred new vulnerabilities reported by SANS in the first week of April 2006, were non-Microsoft software-related vulnerabilities. These statistics re-enforce PatchLink´s assertion that regardless of the operating system or application in which a new vulnerability arises, customers need to patch across multiple platforms and application layers.
As IT environments become increasingly heterogeneous, hackers are increasingly targeting non-Microsoft, browsers, platforms and applications. The best network security strategy is to ensure that all systems across the network have the most up-to-date patches, software updates and policy changes, regardless of whether it’s a Microsoft product or not.