News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
You are here: Home / Microsoft/Windows / Year's First MS Patch Tuesday Ho-Hum
Gartner's #1 for endpoint backup
Ho-Hum Patch Tuesday Missing IE Zero-Day Fix
Ho-Hum Patch Tuesday Missing IE Zero-Day Fix
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
09
2013


Microsoft on Tuesday launched its first patches for 2013. The release offered seven security bulletins. Two are rated critical and five are rated important.

Andrew Storms, director of security operations for nCircle, said the XML bug should be at the top of everyone's "patch immediately" list. That, he said, is because this bug is going to be a popular target for attackers.

"If you can't do anything else right away, at least patch this one post haste," Storms told us. "This critical XML bug affects every version of Windows in one way or another because XML is used by a wide range of operating system components."

More Attacks Coming

Storms also pointed to an interesting bug in Microsoft's print spooler this month. Print spooler bugs played a role in the infamous Stuxnet malware, but Storms said this bug isn't anything like the vulnerability Stuxnet exploited.

"This bug requires a watering hole-style attack method, so it'll be pretty popular in attacker forums," Storms said. "This bug should also be patched pronto. Security researchers have confirmed that they can bypass the just released fix-it for the new IE zero-day bug. This news, combined with the fact that attack code for the basic exploit has already made its way into popular toolkits, is not good."

Storms predicted IT would continue to see an increase in attacks until Microsoft releases a patch for this flaw. He said it wouldn't surprise him to see an out-of-band patch in the next two weeks for this. As he sees it, this doesn't bode well for 2013, as Microsoft only released one out-of-band patch in all of 2012 and only one in 2011.

Boring Patches

Tyler Reguly, technical manager of security research and development, reminded us that in many years past Microsoft has started the New Year off with a bang. The patch of the year in 2010 was OpenType Font Code Execution, and the SMB Remote Code Execution was first in 2009. And it was TCP/IP Remote Code Execution that made headlines in January 2008.

"The last couple of years have had relatively boring 001 patches, and this year is no different. MS13-001 is assigned to a vulnerability affecting the print spooler. The print spooler itself isn't directly involved; it's third-party products that query it," Reguly said.

"Cross-site scripting (XSS) is part of the inaugural Patch Tuesday of 2013. In the past, patching one XSS in a product for Microsoft has often led to other XSS flaws being discovered that year, so this may be the start of a 2013 trend. Instead of SharePoint XSS patches, this may be the year of SCOM XSS patches." (continued...)

1  |  2  |  Next Page >

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
Protect 100% of your Data The prevalence of laptops and mobile devices in the enterprise makes corporate data increasingly vulnerable to loss and breach. And yet, workforce productivity is now inextricably linked to mobility. Click here to access the white paper "Top 10 Endpoint Backup Mistakes" to learn more about how to confidently protect data across platforms and devices while also providing features designed to enhance the end user experience.
MORE IN MICROSOFT/WINDOWS
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Dairy Queen Latest Retailer To Report Hack
Dairy Queen is known for its hot fries and sweet treats, but it just made cyber history as the latest victim of a hack attack. The fast food chain said that customer data at some stores may be at risk.
 
Lessons from the JPMorgan Chase Cyberattack
JPMorgan Chase is investigating a likely cyberattack. The banking giant is cooperating with law enforcement, including the FBI, to understand what data hackers may have obtained.
 
Who Is the Hacker Group Lizard Squad?
Are they dangerous or just obnoxious? That’s what many are wondering about the hacker group Lizard Squad, which tweeted out a bomb threat that grounded a flight with a Sony exec aboard.
 

Enterprise Hardware Spotlight
HP Previews ProLiant Gen9 Servers
Because traditional data center and server architectures are “constraints” on businesses, HP is releasing new servers aimed at faster, simpler and more cost-effective delivery of computing services.
 
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 
Alert: HP Recalls 5 Million Notebook AC Power Cords
HP is recalling about 5.6 million notebook computer AC power cords in the U.S. and another 446,700 in Canada because of possible overheating, which can pose a fire and burn hazard.
 

Mobile Technology Spotlight
Apple Sets Sept. 9 Event: iPhone 6, iWatch on Tap?
Save the date. Apple formally announced that its long-anticipated “special event," will take place on September 9. Does the tech giant have the iPhone 6, and the iWatch up its sleeve?
 
Samsung's New Smart Watch Makes Calls Without Phone
Following up on the Gear 2, Samsung has unveiled a new 3G smart watch, the Gear S, that stands out in its ability to make phone calls and send text messages without a smartphone.
 
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.