April 2017 Patch Tuesday Forecast
March saw a sizable release from Microsoft after a missed Patch Tuesday. Any way about it, April will be a lighter month than March. Windows 10 1703 has officially released to MSDN. Windows 10 1507 reaches end of service in May, so for those on the original release branch, now is the time. Start upgrading those systems still on 1507 to prevent not having security exposures.
Last month Microsoft was kind enough to break Internet Explorer updates out of the security only bundles on pre-Windows 10 systems. This was well-received by many companies I have spoken to, allowing them to push updates for IE or everything else but hold the other behind if there was an issue. It doesn’t bring us back to the bulletin level control previously available before the rollup model was implemented, but it’s something.
Some recent news regarding a vulnerability in IIS 6.0 is worth mentioning. The vulnerability in WebDAV could allow an attacker to execute malicious code on a Windows Server running IIS 6.0 with the privileges of the user running the application. IIS 6.0 extended support ended in July 2015 along with Windows Server 2003, but there are still reportedly servicing millions of public web sites, and many companies still host internal websites on Windows Server 2003 on IIS 6.0.
Read the entire article here, April 2017 Patch Tuesday Forecast
via the fine folks at Ivanti.