News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
GET RECOGNIZED
Let an ISACA® certification elevate your career.
Register today and save
You are here: Home / Microsoft/Windows / Secure Coding Initiative at MS Pays Off
DDoS Protection Powered By Verisign
Microsoft Patch Tuesday Shows Secure Coding Pays Off
Microsoft Patch Tuesday Shows Secure Coding Pays Off
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
12
2012



Microsoft's last Patch Tuesday of 2012 rolled out seven patches. Five of them are rated critical and two are rated important. The good news is: none are under active attack.

With December's Patch Tuesday, Microsoft has rolled out 83 security bulletins in 2012. That's significantly down from the 100 security bulletins Redmond released in 2011. Microsoft released 117 security bulletins in 2010.

"Maybe even more important than the raw numbers is the more regular release rhythm that Microsoft set this year," said Wolfgang Kandek, CTO at Qualys. "We see this as a clear sign of a more mature process."

Prioritizing the Patches

Looking at December's patches, five of this month's bulletins are rated as critical. That means an attacker can use the vulnerabilities Microsoft is fixing to gain complete control over the victim's machine.

"Of the five, we think that MS12-079, a bulletin for Microsoft Word, is the most important. The attack can be accomplished through e-mail using a flaw in the Rich Text Format," Kandek told us. "An attacker can gain control of a computer without end user interaction because Microsoft Outlook automatically displays the malicious text in the Preview Pane."

Kandek pointed to a potential work-around: manually configuring the preview pane in Outlook's Trust Center to use plain text only. The downside is you lose a significant amount of functionality by opting for this workaround.

Kandek put the Internet Explorer bulletin MS12-077 in a close second with regard to IT patching priorities. MS12-077 addresses vulnerabilities in IE 9 and 10, the newest versions of IE that run under Vista, Windows 7 and Windows 8.

"Here, an attacker would have to lure the attack target to browse to a malicious Web page," Kandek said. "This is a tad harder than sending the target a simple e-mail, another common attack method."

Secure Coding Initiative Pays Off

Paul Henry, a security and forensic analyst for Lumension, also pulled the camera back and took a wide view of 2012. With the multitude of third-party application patching needed this year from the likes of Adobe, Java and even Apple, he said, you likely didn't notice Microsoft put out 20 percent fewer patches in 2011.

Over the year, Microsoft Patch Tuesday released 35 critical bulletins, 46 important bulletins and two moderate bulletins. Henry said it was great to see Microsoft's Secure Coding Initiative paying off, reducing the number of vulnerabilities in its software, resulting in an easier time for IT at Patch Tuesday time.

"A look back over the last couple of years proves interesting. In 2011, January had two bulletins, while February had 12. March then went back down to three, but April went up to 17. May had two and June went back up to 16," Henry said.

"In contrast, January of this year had seven patches, February had nine, then six in both March and April, and seven in both May and June. In fact, only one month -- September, at three -- was lower than six or higher than nine. The degree of consistency makes it easier for IT to plan out the time and effort they'll need to spend on Patch Tuesday each month."

Tell Us What You Think
Comment:

Name:

Norm:

Posted: 2012-12-13 @ 10:29am PT
@Shickadee: Mine went smoothly. You might want to try again, but also report the problem directly to Microsoft. Good luck.

Shickadee:

Posted: 2012-12-13 @ 10:26am PT
This December's update couldn't make it past the 7th of twelve updates. After waiting more than 1/2 a day for it to complete, I finally chanced it and restarted my computer. Thankfully it recovered okay. This is the 1st time this has happened, with all the Windows 7 updates. Has anyone else had this problem?

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN MICROSOFT/WINDOWS
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Dairy Queen Latest Retailer To Report Hack
Known for its hot fries and soft-serve ice cream, Dairy Queen just made cyber history as the latest victim of a hack attack. The fast food chain said that customer data at some stores may be at risk.
 
Lessons from the JPMorgan Chase Cyberattack
JPMorgan Chase is investigating a likely cyberattack. The banking giant is cooperating with law enforcement, including the FBI, to understand what data hackers may have obtained.
 
Who Is the Hacker Group Lizard Squad?
Are they dangerous or just obnoxious? That’s what many are wondering about the hacker group Lizard Squad, which tweeted out a bomb threat that grounded a flight with a Sony exec aboard.
 

Enterprise Hardware Spotlight
Intel Intros Lightning-Fast PC Processors
Call it extreme. Intel just took the covers off its first-ever eight-core desktop processor, which is aimed at hardcore power users who expect more than the status quo from their computers.
 
HP Previews ProLiant Gen9 Data Center Servers
Because traditional data center and server architectures are “constraints” on businesses, HP is releasing new servers aimed at faster, simpler and more cost-effective delivery of computing services.
 
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 

Mobile Technology Spotlight
iWatch Watch: What Will Apple Ask Us To Wear?
There are still more questions than answers when it comes to details about the smart watch Apple seems poised to debut on Sept. 9. In fact, nobody seems completely sure that it will be a smart watch at all.
 
Samsung Maps Its Way with Nokia's 'Here' App for Galaxy Phones
Korean electronics giant Samsung has opted to license Here, Nokia’s mapping app -- formerly known as Nokia Maps -- for its Tizen-powered smart devices and Samsung Gear S wearable.
 
Google Successfully Tests Its Own Delivery Drone
While top technology companies are engaged in an "arms race" to develop drones that can quickly deliver goods to anyone anywhere, Google has revealed it successfully tested its own version.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech | Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.