7-Day Forecast: Bundle Up!
It’s that time of year again—consider this post your friendly T-7 notice to start preparing for the final Cisco IOS Software Security Advisory Bundled Publication of 2013! As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our advisories, vulnerabilities scheduled for disclosure in these upcoming Security Advisories will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0. Cisco security publications that disclose vulnerabilities scoring lower than 7.0 are described in our Cisco Security Vulnerability Policy.
Prior to the last bundle cycle, I shared several tips to help you prepare for the upcoming release. Here at Cisco, we feel that leveraging the Cisco IOS Software Checker is one of the most important tools for your success. When my colleague, John Stuppi, asked for your feedback in March, we learned that many of you aren’t familiar with all the benefits of this handy tool. Let’s correct that right now!
Did you know that the IOS checker allows you to quickly identify Cisco Security Advisories that impact specific Cisco IOS Software releases? Just select your release(s) from the drop-down menu or upload a file from your local system on the first page. The tool can even parse show version command output. From that stage, you can customize your results by searching against all previously published Cisco Security Advisories, just a specific one, or all the advisories in the most recent bundle. Why don’t you test out the tool now so you’re prepared for the release on September 25, 2013? I’d love to hear your impressions in the comments.
Make sure to return to the Cisco Security Blog on September 25, 2013, for more details on the semiannual disclosure. Now, you may be wondering how you’ll remember all these release dates…well, last year, my colleague Tim Sammut wrote about the variety of tools that allow you to stay up-to-date with our advisories. How about subscribing to one of our RSS feeds?
And, as always, please visit the Cisco Security Intelligence Operations (SIO) Portal to peruse the wealth of available content—best practices & white papers, Security Advisories, Applied Mitigation Bulletins, IntelliShield Alerts, and IPS Signature information—to help detect and mitigate threats on your network.