Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Please click for more information, or scroll down to pass the ad, or Close Ad.
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Vblock™ Systems:
Advanced converged infrastructure
increases productivity & lowers costs.

www.vce.com
Windows Security
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Microsoft Fixing 12 Bugs in Year
Microsoft Fixing 12 Bugs in Year's Last Patch Tuesday

By Jennifer LeClaire
December 10, 2012 6:48AM

    Bookmark and Share
All in all, IT admins are looking at a normal-size Patch Tuesday with a mix of browser, operating system and Office updates that will keep all areas of IT administration busy through the end of 2012, said Wolfgang Kandek, CTO of Qualys. "For many Windows RT users, it will be the first time for a software update," Kandek said.
 



Tuesday will offer up the final round of security bulletins for 2012. December's Patch Tuesday will include seven security bulletins: five critical and two important. The bulletins address 12 vulnerabilities.

"The critical bulletins address vulnerabilities in Microsoft Windows, Word, Windows Server and Internet Explorer," said Dustin Childs, group manager for Microsoft Trustworthy Computing. "The two Important-rated bulletins will address issues in Microsoft Windows."

Childs recommended customers pause from searching for those hot new gadgets and review Microsoft's ANS summary page for more information on the coming patches. He also asked IT admins to prepare for bulletin testing and deployment as soon as possible to help ensure a smooth update process.

A Mix of Vulnerabilities

Wolfgang Kandek, CTO of Qualys, told us all in all, IT admins are looking at a normal-size Patch Tuesday with a mix of browser, operating system and Office updates that will keep all areas of IT administration busy through the end of 2012.

"For many Windows RT users, it will be the first time for a software update, and it will be interesting to see how they react and what the uptake of the patches will be," Kandek said as he offered his analysis of each bulletin.

Bulletin 1 is rated critical and affects Internet Explorer 9 and 10 on all platforms that support IE 9 and IE10, starting at Vista all the way to Windows 8 and RT. Bulletin 2, which is also rated critical, applies to all versions of Windows and again includes both Windows 8 and Windows RT.

A Rare Bug

"Bulletin 3 is special, as it affects Microsoft Word and is rated critical, which happens very rarely. Usually Microsoft downgrades even Remote Code Execution Office vulnerabilities to 'important,' because a user interaction, such as opening a malicious file, is required," Kandek said.

"In this case we assume the 'critical' rating comes from Outlook, which can be configured to use Word to visualize documents in its preview pane. This is an automatic mechanism that does not require user interaction. In any case, this will be an important bulletin to watch out for."

Bulletin 4 is a critical fix for a number of Microsoft server software products. Kandek said it includes the widely installed Exchange and SharePoint, plus an update for Microsoft Office Web Apps 2010 Service Pack 1.

"Office Web Apps are the webified version of Word, Excel, etc., and we expect them to have lesser impact on IT, as the applications have fewer installations," he said. "In any case, Server Administrators need to take a good look at this bulletin to see if they need to take action."

Web-Based Attack Risks

Marcus Carey, a security researcher at Rapid 7, told us Bulletins 2 and 5, both critical, will affect most consumers and enterprises since they fix vulnerabilities that would allow an attacker to remotely execute code on all Windows platforms. Both of these bulletins fix vulnerabilities that potentially could be leveraged as web-based attacks, he said, however they would be difficult to exploit and achieve remote code execution.

"Bulletin 6 is rated as important and affects all supported Microsoft operating systems except for Windows RT. Since it's rated as important it probably requires a special set of circumstances to actually exploit, which would probably require some sort of victim participation such as opening malicious files," Carey said.

"Bulletin 7 is important and only affects Windows Server 2012 and Windows Server 2008 R2. It could allow an attacker to bypass at least one security measure on those operating systems. Since it is rated as important it may only work under limited circumstances and configurations."
 

Tell Us What You Think
Comment:

Name:



Your Next Generation Data Center Is Here! Vblock™ Systems: the world's most advanced converged infrastructure are built on the Cisco Unified Computing System with Intel® Xeon® processors. Vblock™ Systems deliver extraordinary time to market, ROI and TCO, and flexibility to meet your continually changing demands with 5X faster deployment, 96% less downtime, and 1/2 the cost. Click here to learn more.


 Windows Security
1.   Patch Tuesday Offers Critical Fixes
2.   Microsoft Pulls Plug on Windows XP
3.   Against a Wall, Some Buy XP Support
4.   Last Fixes Tuesday for XP, Office 2003
5.   Despite Its Age, XP Remains a Favorite


advertisement
Last Fixes Tuesday for XP, Office 2003
Microsoft closing out support for two.
Average Rating:
Windows 8 Updates Expected Soon
Using OS feedback, security concerns.
Average Rating:
Microsoft Pulls Plug on Windows XP
Third-party workarounds abound.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Michaels Says Nearly 3M Credit, Debit Cards Breached
Arts and crafts retail giant Michaels Stores has confirmed that a data breach at its POS terminals from May 2013 to Jan. 2014 may have exposed nearly 3 million customer credit and debit cards.
 
Heartbleed Could Cost Millions, Could Have Been Prevented
Early estimates of Heartbleed’s cost to enterprises are running in the millions. The reason: revoking all the SSL certificates the bug leaked will come at a very hefty price.
 
Google's Street View Software Unravels CAPTCHAs
The latest software Google uses for its Street View cars to read street numbers in images for Google Maps works so well that it also solves CAPTCHAs, those puzzles designed to defeat bots.
 

Enterprise Hardware Spotlight
Vaio Fit 11A Battery Danger Forces Recall by Sony
Using a Sony Vaio Fit 11A laptop? It's time to send it back to Sony. In fact, Sony is encouraging people to stop using the laptop after several reports of its Panasonic battery overheating.
 
Continued Drop in Global PC Shipments Slows
Worldwide shipments of PCs fell during the first three months of the year, but the global slump in PC demand may be easing, with a considerable slowdown from last year's drops.
 
Google Glass Finds a Home in Medical Education, Practice
Google Glass may find its first markets in verticals in which hands-free access to data is a boon. Medicine is among the most prominent of those, as seen in a number of Glass experiments under way.
 

Mobile Technology Spotlight
Google Releases Chrome Remote Desktop App for Android
You're out on a sales call, and use your Android mobile device to grab a file you have back at the office on your desktop. That's a bit easier now with Google's Chrome Remote Desktop app for Android.
 
Amazon 3D Smartphone Pics Leaked
E-commerce giant Amazon is reportedly set to launch a smartphone after years of development. Photos of the phone, which may feature a unique 3D interface, were leaked by tech pub BGR.
 
Zebra Tech Buys Motorola Enterprise for $3.45B
Weeks after Lenovo bought Motorola Mobility’s assets from Google for $2.91 billion, Zebra Technologies is throwing down $3.45 billion for Motorola’s Enterprise business in an all-cash deal.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.