News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
You are here: Home / Enterprise I.T. / Microsoft Flags 5 Patches as Critical
Is your endpoint data protected?
Microsoft Fixing 12 Bugs in Year's Last Patch Tuesday
Microsoft Fixing 12 Bugs in Year's Last Patch Tuesday
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
10
2012


Tuesday will offer up the final round of security bulletins for 2012. December's Patch Tuesday will include seven security bulletins: five critical and two important. The bulletins address 12 vulnerabilities.

"The critical bulletins address vulnerabilities in Microsoft Windows, Word, Windows Server and Internet Explorer," said Dustin Childs, group manager for Microsoft Trustworthy Computing. "The two Important-rated bulletins will address issues in Microsoft Windows."

Childs recommended customers pause from searching for those hot new gadgets and review Microsoft's ANS summary page for more information on the coming patches. He also asked IT admins to prepare for bulletin testing and deployment as soon as possible to help ensure a smooth update process.

A Mix of Vulnerabilities

Wolfgang Kandek, CTO of Qualys, told us all in all, IT admins are looking at a normal-size Patch Tuesday with a mix of browser, operating system and Office updates that will keep all areas of IT administration busy through the end of 2012.

"For many Windows RT users, it will be the first time for a software update, and it will be interesting to see how they react and what the uptake of the patches will be," Kandek said as he offered his analysis of each bulletin.

Bulletin 1 is rated critical and affects Internet Explorer 9 and 10 on all platforms that support IE 9 and IE10, starting at Vista all the way to Windows 8 and RT. Bulletin 2, which is also rated critical, applies to all versions of Windows and again includes both Windows 8 and Windows RT.

A Rare Bug

"Bulletin 3 is special, as it affects Microsoft Word and is rated critical, which happens very rarely. Usually Microsoft downgrades even Remote Code Execution Office vulnerabilities to 'important,' because a user interaction, such as opening a malicious file, is required," Kandek said.

"In this case we assume the 'critical' rating comes from Outlook, which can be configured to use Word to visualize documents in its preview pane. This is an automatic mechanism that does not require user interaction. In any case, this will be an important bulletin to watch out for."

Bulletin 4 is a critical fix for a number of Microsoft server software products. Kandek said it includes the widely installed Exchange and SharePoint, plus an update for Microsoft Office Web Apps 2010 Service Pack 1.

"Office Web Apps are the webified version of Word, Excel, etc., and we expect them to have lesser impact on IT, as the applications have fewer installations," he said. "In any case, Server Administrators need to take a good look at this bulletin to see if they need to take action."

Web-Based Attack Risks

Marcus Carey, a security researcher at Rapid 7, told us Bulletins 2 and 5, both critical, will affect most consumers and enterprises since they fix vulnerabilities that would allow an attacker to remotely execute code on all Windows platforms. Both of these bulletins fix vulnerabilities that potentially could be leveraged as web-based attacks, he said, however they would be difficult to exploit and achieve remote code execution.

"Bulletin 6 is rated as important and affects all supported Microsoft operating systems except for Windows RT. Since it's rated as important it probably requires a special set of circumstances to actually exploit, which would probably require some sort of victim participation such as opening malicious files," Carey said.

"Bulletin 7 is important and only affects Windows Server 2012 and Windows Server 2008 R2. It could allow an attacker to bypass at least one security measure on those operating systems. Since it is rated as important it may only work under limited circumstances and configurations."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
Protect 100% of your Data The prevalence of laptops and mobile devices in the enterprise makes corporate data increasingly vulnerable to loss and breach. And yet, workforce productivity is now inextricably linked to mobility. Click here to access the white paper "Top 10 Endpoint Backup Mistakes" to learn more about how to confidently protect data across platforms and devices while also providing features designed to enhance the end user experience.
MORE IN ENTERPRISE I.T.
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Dairy Queen Latest Retailer To Report Hack
Dairy Queen is known for its hot fries and sweet treats, but it just made cyber history as the latest victim of a hack attack. The fast food chain said that customer data at some stores may be at risk.
 
Lessons from the JPMorgan Chase Cyberattack
JPMorgan Chase is investigating a likely cyberattack. The banking giant is cooperating with law enforcement, including the FBI, to understand what data hackers may have obtained.
 
Who Is the Hacker Group Lizard Squad?
Are they dangerous or just obnoxious? That’s what many are wondering about the hacker group Lizard Squad, which tweeted out a bomb threat that grounded a flight with a Sony exec aboard.
 

Enterprise Hardware Spotlight
HP Previews ProLiant Gen9 Servers
Because traditional data center and server architectures are “constraints” on businesses, HP is releasing new servers aimed at faster, simpler and more cost-effective delivery of computing services.
 
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 
Alert: HP Recalls 5 Million Notebook AC Power Cords
HP is recalling about 5.6 million notebook computer AC power cords in the U.S. and another 446,700 in Canada because of possible overheating, which can pose a fire and burn hazard.
 

Mobile Technology Spotlight
Apple Sets Sept. 9 Event: iPhone 6, iWatch on Tap?
Save the date. Apple formally announced that its long-anticipated “special event," will take place on September 9. Does the tech giant have the iPhone 6, and the iWatch up its sleeve?
 
Samsung's New Smart Watch Makes Calls Without Phone
Following up on the Gear 2, Samsung has unveiled a new 3G smart watch, the Gear S, that stands out in its ability to make phone calls and send text messages without a smartphone.
 
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.