Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
GET RECOGNIZED.
Let an ISACA® certification
elevate your career.

Register today and save
Windows Security
24/7/365 Network Uptime
Average Rating:
Rate this article:  
Microsoft Shows Love to IT Admins with Light Patch Tuesday
Microsoft Shows Love to IT Admins with Light Patch Tuesday

By Jennifer LeClaire
February 10, 2012 11:29AM

    Bookmark and Share
IT in February should prioritize the four Patch Tuesday "critical" bulletins first because each of them will likely require a restart, said security analyst Paul Henry. However, he noted, the light Patch Tuesday load from Microsoft does not mean IT can sit back and relax, as there are other security patches for Oracle and Java.
 



Microsoft on Thursday offered some good news for IT admins via its advance notification service. Microsoft's February Patch Tuesday will include just nine bulletins, four of them "critical," to address 21 vulnerabilities.

Microsoft's February focus addresses vulnerabilities in Microsoft Windows, Office, Internet Explorer, and .NET/Silverlight. The five "important" rated security bulletins address vulnerabilities in Microsoft Visio Viewer 2010 in the Office productivity suite and Sharepoint, the advance notification advisory reported.

The Microsoft Security Response Center also took space in its advance notification blog post to note that information on Microsoft's Security Development Lifecycle system has been downloaded more than 850,000 times so far. And the Trustworthy Computing initiative is 10 years old.

Remote Code Executions

Marcus Carey, security researcher at Rapid7, said the four "critical" bulletins are rated so high because they allow remote code execution -- and three of them require a reboot for patching. Of the five "important" bulletins, two affect Microsoft Office.

The first bulletin is a core operating-system vulnerability that affects all modern deployed workstations and servers. The second bulletin is an Internet Explorer vulnerability allowing remote code execution.

"We're seeing a great many browser patches from Microsoft these days because researchers and attackers have realized that browser exploits have the most potential for harm and are currently the best attack surface," Carey said. "Browser-based attacks will certainly continue to be an attack vector from here on."

Bulletin No. 4 is the third critical over the last few months that patches .Net and Silverlight, Carey said, noting that media players and browser plug-ins are very popular attack vectors. Because browsers are effectively taking the role of operating systems for users, he explained, anything that can exploit the browser directly or indirectly will receive attention with exploit development and research.

Prioritizing Bulletins

"IT continues to benefit from Microsoft's security initiatives in 2012 with comparatively lower numbers year on year. Last February, we saw 12 security bulletins in all, three of which were critical and nine rated important," said Paul Henry, security and forensic analyst at Lumension.

From Henry's perspective, IT in February should prioritize the four critical bulletins first because each of them will likely require a restart. However, he noted, the light patch load from Microsoft does not mean IT can sit back and relax.

Henry pointed to a significant patch update from Oracle that came out recently, and as always, threats targeting Java must be addressed. He said Java is the largest threat vector today and is absolutely critical.

"All in all, it's a pretty sweet Valentine's. We've had two fairly light patching periods in a row -- with just seven from Microsoft last month," Henry said. "Clearly, the company's renewed focus is paying off. Now if folks would just follow through and patch."
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Windows Security
1.   Windows 7 Ends Mainstream Support
2.   Cybercrime Ring Uncovered in Brazil
3.   Fix on Way for Win 8.1 Upgrade Woes
4.   Android, Win Phone To Get Kill Switch
5.   Don't Fall for XP Update Hack


advertisement
Windows 7 Ends Mainstream Support
But extended support still available.
Average Rating:
Android, Win Phone To Get Kill Switch
New data show anti-theft effectiveness.
Average Rating:
Cybercrime Ring Uncovered in Brazil
Malware hit the boleto payment system.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Charges: Russian Stole Data from U.S. Restaurants, Zoo
A Russian man arrested on bank fraud and other charges hacked into computers at restaurants in Washington, hundreds of other retail businesses, and even the Phoenix Zoo, authorities say.
 
Another Month, Another IE-Focused Patch Tuesday
Microsoft rolled out 59 vulnerabilities for Internet Explorer in June. But the IE-patching party is not over yet. Redmond published six new security bulletins on Tuesday; two, critical; three, important.
 
Russian Arrested in Hacking Case Filed in Seattle
The U.S. Secret Service has arrested a Russian man who is accused of hacking store computers to steal thousands of credit card numbers, charging him with bank fraud, identity theft and more.
 

Enterprise Hardware Spotlight
Another Day, Another Internet of Things Consortium Is Born
In the emerging Internet of Things, zillions of devices will be talking to each other. Samsung, Intel and Dell just formed a consortium to ensure each thing can understand what others are saying.
 
Gartner Sales Study Sees Tablets Up, PCs Down but Recovering
Are PCs on the comeback trail? That depends on how you define "comeback." While tablet sales remain strong, Gartner's latest study found PC shipments aren't dropping as fast as they did last year.
 
Review: Warming Up to Tablets with Keyboard Covers
If you've ever thought tablets with keyboard covers were just a poor excuse for a laptop, think again. Nokia's Lumia 2520 comes with an optional keyboard cover that just may change your mind.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.