So yesterday was Patch Tuesday, and following a mammoth April, it was a pretty quiet one, with only 2 vulnerabilities reported, and only one of those given the most severe rating of “critical”. That said, of course any vulnerability reported should be investigated and understood, and particularly those rated critical.
This month the critical vulnerability is MS11-035, which states that a “vulnerability in WINS could allow remote code execution”. Microsoft is reassuring customers that “By default, WINS is not installed on any affected operating system.” Fair enough, good to know, but you shouldn't overlook the fact that many third party applications use WINS, especially legacy applications. And yes, it's true that since Windows Server 2003, WINS has been optional, but in fact many people find that it breaks other things when disabled. As a result, WINS is widely deployed in both government and commercial networks. If this is you, the bottom line is that you need to test and deploy this update as soon as possible.
That's all from us for this Patch Tuesday, but as usual, if you have questions or stories to share, please post them in the comments sections.