Both patches address cross-site scripting (XSS) exploits that Qualys CTO Wolfgang Kandek says "are not very serious." One patch addresses an exploit in a development tool, while the other addresses a system management tool. Neither tool is widely deployed, Kandek says, meaning many IT departments are looking at a relatively light update load.
"It's great for us. We're not even ordering pizza for a long day, which is what we normally do," Kandek says. "It's only two patches. I think it's going to be good for everybody, IT and administrators as well."
However, IT departments should keep an eye on a separate Microsoft security advisory that addresses security certificates, Kandek says. In an update that will default to auto-install through Windows Update next month, Microsoft will begin requiring security certificates with more than 1024 bits.
Although the certificate upgrade will amount to little more than a hiccup for Web browsing, Kandek says IT departments should test the update on a limited set of internal email systems to ensure they'll be compatible when the update goes to auto-install in October.