Microsoft Kicks Off the New Year With Fixes for Current Code Base

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
Next Microsoft Kicks Off the New Year With Fixes for Current Code Base-4 Next

Looking at the important bulletins, Bulletin 3 is an elevation of privilege issue affecting the central update distribution service that enterprises use. It’s a cross-site scripting vulnerability in the SCOM console, which Microsoft typically updates. Attackers would need to know the admin, get them to follow a link and do it at a pretty specific time, which is difficult to do.

According to Paul Henry, security and forensic analyst at Lumension, it looks like 2013 is off to a fairly average start with seven bulletins: two critical and five important. You may recall that January of 2012 also came in with seven bulletins, though only one was critical. After closing out 2012 with more consistency in the number of patches per month, we can only hope that 2013 will continue in that same vein. Fortunately, nothing patched this month is under active exploit and everything reported correctly, so there’s actually pretty minimal risk to users.

This month may be average, but that doesn’t mean it’ll be an easy one for IT. There are a lot of restarts this month and they impact nearly all Windows operating systems.

Before jumping into this month’s bulletins, it’s interesting, though not surprising, to note that Microsoft is still working on a fix for the IE zero-day vulnerability. Henry figures that we’ll either see an out-of-band patch or something next month. If you haven’t already, install the Fix It workaround, especially if you’re using an older version of IE. The Fix It will block all the known exploits, and if new attacks come up, your browser will simply crash, which is preferable to the alternative.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

biometrics Biometrics: Moving Far Beyond Fingerprints

Biometrics are changing the way we think about security. Here are some of the more innovative ways biometrics are being used and what we can expect in the future. ...  More >>

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.