HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Data Security / MS Patch Tuesday To Be a Light One
Neustar, Inc.
Protect your website & network using real-time information & analysis
www.neustar.biz
Microsoft Shows Love to IT Admins with Light Patch Tuesday
Microsoft Shows Love to IT Admins with Light Patch Tuesday
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
10
2012
Microsoft on Thursday offered some good news for IT admins via its advance notification service. Microsoft's February Patch Tuesday will include just nine bulletins, four of them "critical," to address 21 vulnerabilities.

Microsoft's February focus addresses vulnerabilities in Microsoft Windows, Office, Internet Explorer, and .NET/Silverlight. The five "important" rated security bulletins address vulnerabilities in Microsoft Visio Viewer 2010 in the Office productivity suite and Sharepoint, the advance notification advisory reported.

The Microsoft Security Response Center also took space in its advance notification blog post to note that information on Microsoft's Security Development Lifecycle system has been downloaded more than 850,000 times so far. And the Trustworthy Computing initiative is 10 years old.

Remote Code Executions

Marcus Carey, security researcher at Rapid7, said the four "critical" bulletins are rated so high because they allow remote code execution -- and three of them require a reboot for patching. Of the five "important" bulletins, two affect Microsoft Office.

The first bulletin is a core operating-system vulnerability that affects all modern deployed workstations and servers. The second bulletin is an Internet Explorer vulnerability allowing remote code execution.

"We're seeing a great many browser patches from Microsoft these days because researchers and attackers have realized that browser exploits have the most potential for harm and are currently the best attack surface," Carey said. "Browser-based attacks will certainly continue to be an attack vector from here on."

Bulletin No. 4 is the third critical over the last few months that patches .Net and Silverlight, Carey said, noting that media players and browser plug-ins are very popular attack vectors. Because browsers are effectively taking the role of operating systems for users, he explained, anything that can exploit the browser directly or indirectly will receive attention with exploit development and research.

Prioritizing Bulletins

"IT continues to benefit from Microsoft's security initiatives in 2012 with comparatively lower numbers year on year. Last February, we saw 12 security bulletins in all, three of which were critical and nine rated important," said Paul Henry, security and forensic analyst at Lumension.

From Henry's perspective, IT in February should prioritize the four critical bulletins first because each of them will likely require a restart. However, he noted, the light patch load from Microsoft does not mean IT can sit back and relax.

Henry pointed to a significant patch update from Oracle that came out recently, and as always, threats targeting Java must be addressed. He said Java is the largest threat vector today and is absolutely critical.

"All in all, it's a pretty sweet Valentine's. We've had two fairly light patching periods in a row -- with just seven from Microsoft last month," Henry said. "Clearly, the company's renewed focus is paying off. Now if folks would just follow through and patch."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.
MORE IN DATA SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Apple is taking the iCloud hack that revealed naked selfies of celebrities seriously, adding new security tools to keep its cloud safe. But there’s still fallout from the early-September iCloud hack.
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.