Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Eliminate costly downtime!
Find out how with Free White Paper
& enter to win a Samsung Galaxy Note

www.apc.com
Microsoft/Windows
Tame your scariest paperwork. Find Out How
Average Rating:
Rate this article:  
Microsoft Fixing 12 Bugs in Year
Microsoft Fixing 12 Bugs in Year's Last Patch Tuesday

By Jennifer LeClaire
December 10, 2012 6:48AM

    Bookmark and Share
All in all, IT admins are looking at a normal-size Patch Tuesday with a mix of browser, operating system and Office updates that will keep all areas of IT administration busy through the end of 2012, said Wolfgang Kandek, CTO of Qualys. "For many Windows RT users, it will be the first time for a software update," Kandek said.
 



Tuesday will offer up the final round of security bulletins for 2012. December's Patch Tuesday will include seven security bulletins: five critical and two important. The bulletins address 12 vulnerabilities.

"The critical bulletins address vulnerabilities in Microsoft Windows, Word, Windows Server and Internet Explorer," said Dustin Childs, group manager for Microsoft Trustworthy Computing. "The two Important-rated bulletins will address issues in Microsoft Windows."

Childs recommended customers pause from searching for those hot new gadgets and review Microsoft's ANS summary page for more information on the coming patches. He also asked IT admins to prepare for bulletin testing and deployment as soon as possible to help ensure a smooth update process.

A Mix of Vulnerabilities

Wolfgang Kandek, CTO of Qualys, told us all in all, IT admins are looking at a normal-size Patch Tuesday with a mix of browser, operating system and Office updates that will keep all areas of IT administration busy through the end of 2012.

"For many Windows RT users, it will be the first time for a software update, and it will be interesting to see how they react and what the uptake of the patches will be," Kandek said as he offered his analysis of each bulletin.

Bulletin 1 is rated critical and affects Internet Explorer 9 and 10 on all platforms that support IE 9 and IE10, starting at Vista all the way to Windows 8 and RT. Bulletin 2, which is also rated critical, applies to all versions of Windows and again includes both Windows 8 and Windows RT.

A Rare Bug

"Bulletin 3 is special, as it affects Microsoft Word and is rated critical, which happens very rarely. Usually Microsoft downgrades even Remote Code Execution Office vulnerabilities to 'important,' because a user interaction, such as opening a malicious file, is required," Kandek said.

"In this case we assume the 'critical' rating comes from Outlook, which can be configured to use Word to visualize documents in its preview pane. This is an automatic mechanism that does not require user interaction. In any case, this will be an important bulletin to watch out for."

Bulletin 4 is a critical fix for a number of Microsoft server software products. Kandek said it includes the widely installed Exchange and SharePoint, plus an update for Microsoft Office Web Apps 2010 Service Pack 1.

"Office Web Apps are the webified version of Word, Excel, etc., and we expect them to have lesser impact on IT, as the applications have fewer installations," he said. "In any case, Server Administrators need to take a good look at this bulletin to see if they need to take action."

Web-Based Attack Risks

Marcus Carey, a security researcher at Rapid 7, told us Bulletins 2 and 5, both critical, will affect most consumers and enterprises since they fix vulnerabilities that would allow an attacker to remotely execute code on all Windows platforms. Both of these bulletins fix vulnerabilities that potentially could be leveraged as web-based attacks, he said, however they would be difficult to exploit and achieve remote code execution.

"Bulletin 6 is rated as important and affects all supported Microsoft operating systems except for Windows RT. Since it's rated as important it probably requires a special set of circumstances to actually exploit, which would probably require some sort of victim participation such as opening malicious files," Carey said.

"Bulletin 7 is important and only affects Windows Server 2012 and Windows Server 2008 R2. It could allow an attacker to bypass at least one security measure on those operating systems. Since it is rated as important it may only work under limited circumstances and configurations."
 

Tell Us What You Think
Comment:

Name:



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 Microsoft/Windows
1.   China Puts Microsoft Under the Lens
2.   Win Phone 8.1 Update Already on Way
3.   Yammer Moved to Office 365
4.   Can One Size Windows OS Fit All?
5.   Microsoft CEO Sees 'Bold' Plan Ahead


advertisement
China Puts Microsoft Under the Lens
Official anti-monopoly probe launched.
Average Rating:
Microsoft CEO Sees 'Bold' Plan Ahead
With unified Windows for all platforms.
Average Rating:
Design Central to Microsoft Future
New ethos a break from functional past.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Tor Internet Privacy Service Warns Users It Was Breached
You may never have heard of the Tor Project, but the Internet privacy service is making headlines. Tor’s devs say users might be victims of an attack launched against the project earlier this year.
 
Canadian Government Charges China With Cyberattack
The government of Canada is not happy with China. Canadian officials have accused "a highly sophisticated Chinese state-sponsored actor" of launching a cyberattack on its National Research Council.
 
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 

Enterprise Hardware Spotlight
AMD's ARM-Based Opteron Out in $3K Dev Kit
It's dubbed "Seattle" and it's AMD's first 64-bit ARM-based Opteron processor. The low-power chip is being released as part of AMD’s Opteron A1100-series developer kit, and aimed at high-end data center needs.
 
Apple Updates MacBook Pros, Cuts Prices Up to $100
The popular MacBook Pro laptop line just got an update and a price cut of as much as $100. The MacBook Pro with Retina display now includes faster processors and double the memory.
 
Dell, BlackBerry Not Sweating Apple-IBM Alliance
IBM's recent move to partner with Apple to sell iPhones and iPads loaded with corporate applications has excited investors in both companies, but two rivals say they are unperturbed for now.
 

Mobile Technology Spotlight
Virgin Mobile Offers Custom Smartphone Plans
As the wireless carrier wars continue heating up, Virgin Mobile just threw the customization coal onto the fire. The firm has debuted a no-annual-contract plan with rates based on individual use.
 
Collaboration Provider Asana Revamps Mobile App
Asana, a collaboration software provider started by a Facebook founder, is now out with a rebuilt native iOS mobile app. It replaces one that even the company admits was not up to par.
 
Facebook: You Will Use Messenger, and You Will Like It
Starting this week, Facebook users with Android and iOS phones will be forced to use the separate Messenger app to send Facebook messages. Pending messages will still be visible in the main app.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.