It’s a banner month in patch land.  Today was Microsoft Patch Tuesday, and it is one more for the record books. Microsoft released 16 patches yesterday (previous record: 14) addressing a total of 51 vulnerabilities (previous record: 34).  A large number of the vulns were addressed by a few large patches to MS Word, Excel, and Internet Explorer (34 of the total).  Expect pushing these beasts to chew up significant resources.

In addition to a variety of other application and OS flaws, Microsoft addressed one more of the 4 zero-day vulns used by the notorious Stuxnet worm, leaving just one unaddressed.  McAfee’s products provide good coverage for this month’s vulnerabilities:

• McAfee VirusScan's buffer overflow protection is expected to provide proactive protection against exploits of 32 out of 51 new vulnerabilities this month.
• McAfee's Host Intrusion Prevention is expected to provide proactive protection against exploits of 34 out of 51 new vulnerabilities this month.
• McAfee's Network Security Platform now has content to protect against exploits of 29 out of 51 new vulnerabilities. 
• McAfee Vulnerability Manager and Policy Auditor now have content to assess whether your systems are exposed to any of these new vulnerabilities.

In total, combining coverage for host and network countermeasures, we have confirmed coverage for 43 out of 51 vulns. McAfee Labs is still assessing the coverage for other countermeasures, such as Web Gateway and Application Control.

It’s interesting to consider the trends here.  The volume of vulnerabilities being patched by Microsoft and other vendors is increasing at an alarming rate.  At what point do your current patch processes become inefficient and unmanageable?  What happens when Microsoft releases 20 patches in a month?  50?  100?  While that may seem far-fetched, I can assure you that there was a time not too long ago when 16 would have been ludicrous.  The reactive processes that our industry relies on today cannot scale indefinitely.  The time to start thinking outside the box is *now*.  There are tools and techniques (removing admin rights, application whitelisting, behavioral detection and blocking) that wise enterprises are testing and deploying *now* in order to ensure continued stability in today’s rapidly changing ecosystem.

To get continuous updates on this month’s patches, you might like to subscribe directly to McAfee Labs Security Advisories.  You’ll find more information, and a signup link, below.

http://www.mcafee.com/us/mcafee_labs/gti_mtis.html
http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx

McAfee Risk Advisor provides this information directly within ePO, along with detailed analysis of where you are, and are not, covered by existing countermeasures.  Raj Rajamani has posted some sample reports for October on the Risk Advisor blog:

 

https://community.mcafee.com/groups/risk-advisor/blog/2010/10/15/october-2010--microsoft-patch-tuesday-reports