Quiet May Patch Tuesday follows record April
The calm after the storm
Microsoft is giving hard-pressed sysadmins a bit of a breather this month with plans to release only two updates during the May edition of its regular Patch Tuesday monthly update cycle.
Just one of the two bulletins due to be published next Tuesday covers a critical update, in sharp contrast to the record-breaking crop of 17 bulletins addressing 64 vulnerabilities that arrived in April.
The critical update in May's batch involves an unspecified flaw in Windows, but only affects Windows Server 2003 and Server 2008. The second bulletin – rated important – means that Office XP, 2003, 2007 and 2004 for Mac will need patching.
The latest version of Microsoft's application suite is not affected by the flaw.
Despite the light patch load, security experts urge sysadmins not to dismiss the updates as unimportant. "Both bulletins are for remote code-execution vulnerabilities, so IT administrators should track them closely and address them quickly," said Wolfgang Kandek, CTO at vulnerability scanning services firm Qualys. ®
and why the hell...
...is Microsoft pushing out IE9 as a "critical" update? meaning it will automatically install on any machine with automatic updates set?
Doesn't this completely negate the "Browser Choice" crap that was all the rage earlier in the year?
OK so my client machines and servers don't have automatic updates enabled, but it's still a pain hiding the IE update on each machine.
Re: and why the hell...
Agree with the sentiments entirely but is there any reason you are causing yourself the admin headache of not using WSUS?
not spreading FUD
Every machine I have been on recently has had this update pre-ticked.
You are right, it's not a "critical" update, it's an "important" update, but it WILL automatically install without user intervention... it has done it on a number of my users machines when they ran windows update without me telling them to.