News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
GET RECOGNIZED
Let an ISACA® certification elevate your career.
Register today and save
You are here: Home / Mobile Tech / Microsoft Flags 5 Patches as Critical
DDoS Protection Powered By Verisign
Microsoft Fixing 12 Bugs in Year's Last Patch Tuesday
Microsoft Fixing 12 Bugs in Year's Last Patch Tuesday
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
10
2012



Tuesday will offer up the final round of security bulletins for 2012. December's Patch Tuesday will include seven security bulletins: five critical and two important. The bulletins address 12 vulnerabilities.

"The critical bulletins address vulnerabilities in Microsoft Windows, Word, Windows Server and Internet Explorer," said Dustin Childs, group manager for Microsoft Trustworthy Computing. "The two Important-rated bulletins will address issues in Microsoft Windows."

Childs recommended customers pause from searching for those hot new gadgets and review Microsoft's ANS summary page for more information on the coming patches. He also asked IT admins to prepare for bulletin testing and deployment as soon as possible to help ensure a smooth update process.

A Mix of Vulnerabilities

Wolfgang Kandek, CTO of Qualys, told us all in all, IT admins are looking at a normal-size Patch Tuesday with a mix of browser, operating system and Office updates that will keep all areas of IT administration busy through the end of 2012.

"For many Windows RT users, it will be the first time for a software update, and it will be interesting to see how they react and what the uptake of the patches will be," Kandek said as he offered his analysis of each bulletin.

Bulletin 1 is rated critical and affects Internet Explorer 9 and 10 on all platforms that support IE 9 and IE10, starting at Vista all the way to Windows 8 and RT. Bulletin 2, which is also rated critical, applies to all versions of Windows and again includes both Windows 8 and Windows RT.

A Rare Bug

"Bulletin 3 is special, as it affects Microsoft Word and is rated critical, which happens very rarely. Usually Microsoft downgrades even Remote Code Execution Office vulnerabilities to 'important,' because a user interaction, such as opening a malicious file, is required," Kandek said.

"In this case we assume the 'critical' rating comes from Outlook, which can be configured to use Word to visualize documents in its preview pane. This is an automatic mechanism that does not require user interaction. In any case, this will be an important bulletin to watch out for."

Bulletin 4 is a critical fix for a number of Microsoft server software products. Kandek said it includes the widely installed Exchange and SharePoint, plus an update for Microsoft Office Web Apps 2010 Service Pack 1.

"Office Web Apps are the webified version of Word, Excel, etc., and we expect them to have lesser impact on IT, as the applications have fewer installations," he said. "In any case, Server Administrators need to take a good look at this bulletin to see if they need to take action."

Web-Based Attack Risks

Marcus Carey, a security researcher at Rapid 7, told us Bulletins 2 and 5, both critical, will affect most consumers and enterprises since they fix vulnerabilities that would allow an attacker to remotely execute code on all Windows platforms. Both of these bulletins fix vulnerabilities that potentially could be leveraged as web-based attacks, he said, however they would be difficult to exploit and achieve remote code execution.

"Bulletin 6 is rated as important and affects all supported Microsoft operating systems except for Windows RT. Since it's rated as important it probably requires a special set of circumstances to actually exploit, which would probably require some sort of victim participation such as opening malicious files," Carey said.

"Bulletin 7 is important and only affects Windows Server 2012 and Windows Server 2008 R2. It could allow an attacker to bypass at least one security measure on those operating systems. Since it is rated as important it may only work under limited circumstances and configurations."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN MOBILE TECH
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Dairy Queen Latest Retailer To Report Hack
Known for its hot fries and soft-serve ice cream, Dairy Queen just made cyber history as the latest victim of a hack attack. The fast food chain said that customer data at some stores may be at risk.
 
Lessons from the JPMorgan Chase Cyberattack
JPMorgan Chase is investigating a likely cyberattack. The banking giant is cooperating with law enforcement, including the FBI, to understand what data hackers may have obtained.
 
Who Is the Hacker Group Lizard Squad?
Are they dangerous or just obnoxious? That’s what many are wondering about the hacker group Lizard Squad, which tweeted out a bomb threat that grounded a flight with a Sony exec aboard.
 

Enterprise Hardware Spotlight
AMD's New FX Series CPU Breaks Processing Speed Record
The new FX-8370 processor from Advanced Micro Devices has set a record for silicon processor speed, the company announced. Overclocked, the eight-core chip was measured at 8722.78 MHz.
 
Intel Intros Lightning-Fast PC Processors
Call it extreme. Intel just took the covers off its first-ever eight-core desktop processor, which is aimed at hardcore power users who expect more than the status quo from their computers.
 
HP Previews ProLiant Gen9 Data Center Servers
Because traditional data center and server architectures are “constraints” on businesses, HP is releasing new servers aimed at faster, simpler and more cost-effective delivery of computing services.
 

Mobile Technology Spotlight
Rumor Mill Puts Mobile Wallet in iPhone 6
Apple is moving toward the mobile wallet world with its next iPhone. The tech giant has partnered with retailers, banks and major payment networks to make it happen, according to Bloomberg.
 
Will iPhone Finally Catch Up with NFC Mobile Payment Ability?
Apple's latest version of the iPhone may have a mobile wallet to pay for purchases with a tap of the phone. The iPhone 6 reportedly is equipped with near-field communication (NFC) technology.
 
Visual Search To Shop: Gimmick or Game Changing?
Imagine using your phone to snap a photo of the cool pair of sunglasses your friend is wearing and instantly receiving a slew of information about the shades along with a link to order them.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech | Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.