IT Security by numbers - figures for Patch Tuesday tell their own story about Internet Explorer


IT Security by numbers - figures for Patch Tuesday tell their own story about Internet Explorer

Here's a story for number crunchers to digest. We present these figures from Microsoft's latest Patch Tuesday and invite you to draw your own conclusions.
64   number of patches needed in various version of Microsoft Internet Explorer
9     the number that were critical)
17   the number of bulletins)
15   the number of the above that addressed..
3     The number of versions of Internet Explorer that need patching
240 Estimated number of man hours needed to fix all these patches
12   Number of hours you have left before some botnet finds your vulnerability and exploits control of your IT systems

Alan Bentley, SVP International at Lumension seemed surprised by the scale of the exposure Microsoft has subjected its customers to:

"Following a relatively light Patch Tuesday in March, this month's bulletins will have IT managers back on their feet scrambling to implement the 64 patches, nine of them rated critical. 15 of the 17 bulletins address remote code execution vulnerabilities," said Bentley.
"Most noteworthy of the patches is MS11-018, a critical patch for IE6, IE7 and IE8 on Windows clients.  Without the patch, browsers are instantly compromised from the moment a user visits a malicious site. 
"The two SMB-related bulletins, MS11-020 and MS11-019 are both geared towards fixing vulnerabilities in SMB Server and SMB Client, both of which could leave servers available for hackers to take control of them. 
"While some IT managers may have had their feet up in March, this month's Patch Tuesday is further evidence that our systems still aren't up to par. Most of these patches will require a full restart meaning organisations will need to schedule time for the updates."

This was first published in April 2011

Join the conversation Comment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.