Teams must be adequately resourced to cope
Reguly said CISOs this month might be worried about the sheer number of items that admins have to review. “There are a lot of CVEs and a lot of one-offs that we don’t normally see,” he said. “While Windows update and automatic updates for some applications will take care of a lot of the heavy lifting here, there’s still testing that is required before deploying updates this large. Additionally, with the likes of .NET, SharePoint, and SQL Server, there’s always the potential for difficult patches and/or version incompatibility that may crop up during testing.
“Patience is going to be a keyword this month, followed very quickly by resourcing. Massive patch drops like this, and the conversation around next-gen LLMs, mean that we need to be aware of the pressure on our teams and the amount of work they are expected to complete. If you still see your security teams as a cost centre, it is time to start rethinking that and looking at the value they bring to protecting your data and your systems. Large patch drops mean that you really need to review your teams to ensure they are adequately resourced.”
Patch volume may be tied to Mythos
AJ Grotto, former senior White House Director for Cyber Policy and currently research scholar at the Center for International Security and Cooperation at Stanford University, noted that the 167 Microsoft vulnerabilities identified this month more than doubled the March total and nearly tripled the February total.
