Microsoft Kicks Off the New Year With Fixes for Current Code Base

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
Next Microsoft Kicks Off the New Year With Fixes for Current Code Base-3 Next

Bulletin 2 is an XML parsing vulnerability affecting all versions of XML. It’s a remote code execution issue, but realistically the browser is very likely the only attack vector for this. However, XML is a core Windows component, which is why it affects so many different versions. This is pretty similar to previous XML issues.

According to Paul Henry, security and forensic analyst at Lumension, it looks like 2013 is off to a fairly average start with seven bulletins: two critical and five important. You may recall that January of 2012 also came in with seven bulletins, though only one was critical. After closing out 2012 with more consistency in the number of patches per month, we can only hope that 2013 will continue in that same vein. Fortunately, nothing patched this month is under active exploit and everything reported correctly, so there’s actually pretty minimal risk to users.

This month may be average, but that doesn’t mean it’ll be an easy one for IT. There are a lot of restarts this month and they impact nearly all Windows operating systems.

Before jumping into this month’s bulletins, it’s interesting, though not surprising, to note that Microsoft is still working on a fix for the IE zero-day vulnerability. Henry figures that we’ll either see an out-of-band patch or something next month. If you haven’t already, install the Fix It workaround, especially if you’re using an older version of IE. The Fix It will block all the known exploits, and if new attacks come up, your browser will simply crash, which is preferable to the alternative.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

IT security careers The Most In-Demand Security Jobs and How to Get Them

Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ...  More >>

142x105itbeusasecurity2.jpg 9 Predictions for Cybersecurity’s Role in Government and Politics in 2017

Experts predict how cybersecurity will affect and involve our government, policies and politics in 2017. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.