Microsoft Kicks Off the New Year With Fixes for Current Code Base

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
Next Microsoft Kicks Off the New Year With Fixes for Current Code Base-8 Next

And finally, there is Bulletin 7, which is a denial of service vulnerability affecting the open data protocol that a lot of services use. An attacker can provide very specific HTTP requests to a server that is open to this protocol service using a find and replace, which could be used to replace a single “a” with a million “a”s. As the server is processing this request, it would fill up all its memory, effectively crashing the service followed by the server.

According to Paul Henry, security and forensic analyst at Lumension, it looks like 2013 is off to a fairly average start with seven bulletins: two critical and five important. You may recall that January of 2012 also came in with seven bulletins, though only one was critical. After closing out 2012 with more consistency in the number of patches per month, we can only hope that 2013 will continue in that same vein. Fortunately, nothing patched this month is under active exploit and everything reported correctly, so there’s actually pretty minimal risk to users.

This month may be average, but that doesn’t mean it’ll be an easy one for IT. There are a lot of restarts this month and they impact nearly all Windows operating systems.

Before jumping into this month’s bulletins, it’s interesting, though not surprising, to note that Microsoft is still working on a fix for the IE zero-day vulnerability. Henry figures that we’ll either see an out-of-band patch or something next month. If you haven’t already, install the Fix It workaround, especially if you’re using an older version of IE. The Fix It will block all the known exploits, and if new attacks come up, your browser will simply crash, which is preferable to the alternative.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

BitSightRansomware0x Ransomware: The Rising Face of Cybercrime

Ransomware is a legitimate threat, with estimates from the U.S. Department of Justice showing that over 4,000 of these attacks have occurred every day since the beginning of the year. ...  More >>

Security121-190x128 5 Ways CFOs Can Implement an Effective Cybersecurity Strategy

While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. ...  More >>

infra100-190x128 Top 10 Strategic Technology Trends for 2017

Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.