The bigger news outside of Microsoft is the ongoing and never ending Java issues. Oracle has received some pretty consistent and negative attention for the problems with Java over the last few months. On Super Bowl weekend, they issued patches for over 50 CVEs. It has also been reported that we can expect yet more patches for Java from Oracle on February 19. Then, for the second time in the last month, Apple shut down Java accessibility for their users. This caused significant disruption to productivity for those using Java on their Apple machines, which Henry would guess to be a large portion of Apple users. A day or two of notice would have been smart, giving users time to find alternative arrangements for their Java-running applications.
This shutdown is a departure from previous Apple policy. In the past, Apple would include Java patches within their own patches and push it out to their users. Now, when problems occur, they abruptly blacklist Java, creating productivity disruptions for users. Fortunately, users can re-enable Java by going directly to the source. Applying the patch issued by Oracle will re-enable Java on Apple machines.
According to Paul Henry, security and forensic analyst at Lumension, it’s going to be a rough Valentine’s Day for many IT admins this month. With ongoing issues with Java and 12 bulletins from Microsoft, including five critical issues and many restarts, it’s going to be a very disruptive Patch Tuesday.
It’s disturbing to note how many different Microsoft platforms are critically affected this month. Everything from Windows XP to the new Windows RT is critically impacted. It’s never a good sign when your current code base is impacted. There are also many more bulletins this month than we’ve seen in the last few months. Henry noted in December that 2012 brought more consistency and stability to Patch Tuesday than we saw in 2011. He hopes that this month is a one-time spike and not a return to the yo-yo pattern of 2011.