Three guys got together over pints in February 2009 and talked about how one of the issues facing Technical Professionals today is keeping their systems patched and up to date. This issue was brought up to them at a User Group meeting they were attending (Ottawa Windows Server User Group) where we were participating in an “Ask the Microsoft Guy” panel discussion.
Over pints at D’Arcy McGee’s, Pierre Roman, Bruce Cowper and I decided we would try to help solve the issue of information overload regarding patching and put together a timely podcast to go live each “Patch Tuesday”.
- Use plain English terms and every day language that any Technical professional can understand – minimize “corporate speak”.
- Breakdown each Security Bulletin with summary information first followed by more details as to the impact an IT Pro would face.
- Outline mitigation factors in case patches couldn’t be tested or applied in a timely fashion
- Keep it top 20 minutes OR LESS. This one is critical – Keep It Simple, repeatable and get out of the IT Pros way to get on with their day.
- Have fun!
Have a listen directly from the embedded Silverlight player OR subscribe to the specific feed and download it to your iTunes / Zune software.
As always - if you have suggestions on making it better - please pass on your comments. Mail me directly – firstname.lastname@example.org
Subscribe to the podcast: (so you don't miss an episode)
Disclaimer: This podcast was produced with the best information available to us at the time of recording. Your primary source for all things Security Bulletin related should always be the Microsoft Security Response Center blog.
Bulletins discussed for October 13th, 2009:
- MS09-050 - Critical Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
- MS09-051 - Critical Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
- MS09-052 - Critical Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
- MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
- MS09-054 - Critical Cumulative Security Update for Internet Explorer (974455)
- MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525)
- MS09-056 - Important Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
- MS09-057 - Important Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
- MS09-058 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
- MS09-059 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
- MS09-060 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
- MS09-061 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
- MS09-062 - Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
Podcast Participants: Pierre Roman and myself.
Additional Technical Show Notes:
- Recorded in my backyard on Thanksgiving Weekend in Canada. Clear skies, but darn cold.
- Beverage of choice for this edition: leftover Mooshead “Cracked Canoe” ale (http://www.crackedcanoe.com/) from my Thanksgiving festivities.