Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
GET RECOGNIZED.
Let an ISACA® certification
elevate your career.

Register today and save
Enterprise I.T.
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Microsoft Fixing 12 Bugs in Year
Microsoft Fixing 12 Bugs in Year's Last Patch Tuesday

By Jennifer LeClaire
December 10, 2012 6:48AM

    Bookmark and Share
All in all, IT admins are looking at a normal-size Patch Tuesday with a mix of browser, operating system and Office updates that will keep all areas of IT administration busy through the end of 2012, said Wolfgang Kandek, CTO of Qualys. "For many Windows RT users, it will be the first time for a software update," Kandek said.
 



Tuesday will offer up the final round of security bulletins for 2012. December's Patch Tuesday will include seven security bulletins: five critical and two important. The bulletins address 12 vulnerabilities.

"The critical bulletins address vulnerabilities in Microsoft Windows, Word, Windows Server and Internet Explorer," said Dustin Childs, group manager for Microsoft Trustworthy Computing. "The two Important-rated bulletins will address issues in Microsoft Windows."

Childs recommended customers pause from searching for those hot new gadgets and review Microsoft's ANS summary page for more information on the coming patches. He also asked IT admins to prepare for bulletin testing and deployment as soon as possible to help ensure a smooth update process.

A Mix of Vulnerabilities

Wolfgang Kandek, CTO of Qualys, told us all in all, IT admins are looking at a normal-size Patch Tuesday with a mix of browser, operating system and Office updates that will keep all areas of IT administration busy through the end of 2012.

"For many Windows RT users, it will be the first time for a software update, and it will be interesting to see how they react and what the uptake of the patches will be," Kandek said as he offered his analysis of each bulletin.

Bulletin 1 is rated critical and affects Internet Explorer 9 and 10 on all platforms that support IE 9 and IE10, starting at Vista all the way to Windows 8 and RT. Bulletin 2, which is also rated critical, applies to all versions of Windows and again includes both Windows 8 and Windows RT.

A Rare Bug

"Bulletin 3 is special, as it affects Microsoft Word and is rated critical, which happens very rarely. Usually Microsoft downgrades even Remote Code Execution Office vulnerabilities to 'important,' because a user interaction, such as opening a malicious file, is required," Kandek said.

"In this case we assume the 'critical' rating comes from Outlook, which can be configured to use Word to visualize documents in its preview pane. This is an automatic mechanism that does not require user interaction. In any case, this will be an important bulletin to watch out for."

Bulletin 4 is a critical fix for a number of Microsoft server software products. Kandek said it includes the widely installed Exchange and SharePoint, plus an update for Microsoft Office Web Apps 2010 Service Pack 1.

"Office Web Apps are the webified version of Word, Excel, etc., and we expect them to have lesser impact on IT, as the applications have fewer installations," he said. "In any case, Server Administrators need to take a good look at this bulletin to see if they need to take action."

Web-Based Attack Risks

Marcus Carey, a security researcher at Rapid 7, told us Bulletins 2 and 5, both critical, will affect most consumers and enterprises since they fix vulnerabilities that would allow an attacker to remotely execute code on all Windows platforms. Both of these bulletins fix vulnerabilities that potentially could be leveraged as web-based attacks, he said, however they would be difficult to exploit and achieve remote code execution.

"Bulletin 6 is rated as important and affects all supported Microsoft operating systems except for Windows RT. Since it's rated as important it probably requires a special set of circumstances to actually exploit, which would probably require some sort of victim participation such as opening malicious files," Carey said.

"Bulletin 7 is important and only affects Windows Server 2012 and Windows Server 2008 R2. It could allow an attacker to bypass at least one security measure on those operating systems. Since it is rated as important it may only work under limited circumstances and configurations."
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Enterprise I.T.
1.   Teaming Up: CIOs, IT Asset Managers
2.   Juniper DDoS for High-IQ Networks
3.   IBM Rolls Out Hybrid Cloud Services
4.   Windows 7 Ends Mainstream Support
5.   Another IE-Focused Patch Tuesday


advertisement
Backlash Stirs Against H-1B Visas
Debate over foreign workers continues.
Average Rating:
IBM Rolls Out Hybrid Cloud Services
Based on SoftLayer net infrastructure.
Average Rating:
Windows 7 Ends Mainstream Support
But extended support still available.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
New Web Tracking Technologies Defeat Privacy Protections
Recently developed Web tracking tools are able to circumvent even the best privacy defenses, according to a new study by researchers at Princeton and the University of Leuven in Belgium.
 
Juniper DDoS Solution Aims at High-IQ Networks
In the face of more complex attacks, Juniper Networks is boosting its DDoS Secure solution to help companies mitigate the threats with more effective security intelligence throughout the network fabric.
 
Large-Volume DDoS Attacks Hit Record in 2014
The number of distributed denial-of-service (DDoS) attacks set a record in the first half of 2014, according to a report by Arbor Networks. The number of attacks over 20 GB/sec doubled.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.