Microsoft will release nine bulletins to address 21 vulnerabilities in Windows, Office, Internet Explorer and .NET/Silverlight on its next Patch Tuesday.
Scheduled to be released on 14 February, the batch will include four critical patches for Windows, Internet Explorer and .NET/Silverlight, while the remaining five patches may be rated as important and affect Windows and Office.
Andrew Storms, director of security operations at nCircle, said: "Microsoft is planning to deliver an important 'Valentine' next Tuesday. Their advance notification indicated they plan to release nine bulletins and 21 CVEs next Tuesday; that is very much in step with February 2011's 'Valentine delivery' that included 12 bulletins and 22 CVEs.
"It's surprising that this month's patch affects almost every Windows operating system; each OS is plagued by five of the eight applicable bulletins. That's sort of weird because newer OS versions are generally safer.
"It's much more surprising that Windows Server 2008 R2 is plagued by the best collection of bulletins. Generally, we see fewer bugs on server-side operating systems and this is doubly true for Server 2008 since so many of its newer mitigations and default settings protect the OS even if bugs are found."
Paul Henry, security and forensic analyst at Lumension, said: "IT continues to profit from Microsoft's security initiatives in 2012 with comparatively lower numbers year on year. This month, it can prioritise the four critical bulletins first as they all likely require a restart.
"The light patch load from Microsoft doesn't mean it can chill and relax, however. A serious patch update from Oracle came out recently and, as always, threats targeting Java need to be addressed."
Wolfgang Kandek, CTO of Qualys, said the critical update to Internet Explorer needs to be the highest priority, especially as attackers are quickly incorporating browser-based attacks into their toolkits, with an exploit for MS12-004 detected 15 days after Patch Tuesday.
"There also are two critical fixes for Windows itself, plus one for the .NET framework that ought to be prioritised. Inside the 'important' category, there are three Remote Code Execution vulnerabilities, certainly one of them in Office. Probably we're staring at file-based attacks and at the least the Office vulnerability needs to be included in your first tier of patching," he said.