It looks like May will bring us only 2 patches from Microsoft next week. Both remediate Remote Code Execution vulnerabilities.
- 1 patch for Windows 2003 & 2008
- 1 patch for Office, specifically Powerpoint.
Microsoft also announced that they will be publishing two Exploitability Index ratings per vulnerability. One for the most recent platform, the other as an aggregate rating for all older versions of the software to make it easier for customers to determine their risks.
DarkReading has posted an excellent article, outlining a fictitious breach at a fictitious company. The company experiences an SQL Injection attack that results in a short spike in memory and resource usage which is misdiagnosed and virtually ignored. The company has tied its metrics to performance and lowering the number of escalations, a common scenario. Check it out and comment.
Articles like this provide very good exercises for IT and Security staff. They help to identify common errors and provide useful examples to Management of how their attmpts to improve availability can actually undermine security efforts. Improved availabiilty is a worthwhile pursuit, but don’t compromise monitoring and alerting just to keep the numbers low. If people are afraid to escalate issues, real issues may not receive the attention that they require – until it is too late.