No Luck O’ the Irish for IT this St. Patty’s Day


According to Henry, your top priority is going to be MS13-021, a critical cumulative update for IE that addresses nine CVEs. Notably, Microsoft released IE 10 for Windows 7 this past February, and IE 10 is not affected on that platform. What really stands out, however, is that it does affect IE 10 on Windows 8, with some remote code execution vulnerabilities. Unfortunately, this represents the latest and greatest of Microsoft’s coding and we’re already finding critical issues with it. Fortunately, none of these “use after free” issues are being publicly exploited. “Use after free” has been receiving more attention recently. However, Henry wants to emphasize that it’s not the delivery mechanism that’s the problem. The problem is not taking care of the end game: preventing unauthorized binaries from running on your machine in the first place.

IT admins can’t seem to catch a break this year. First came the never-ending stream of Java issues that has kept folks on their toes since January. Now they’ve got another busy month of patches ahead of them, with seven total patches from Microsoft, four of which are critical. However, once again the issues outside of Microsoft will likely eclipse the Patch Tuesday patches this month.

According to Paul Henry, security and forensic analyst at Lumension, three months into 2013 we’re already seeing higher numbers of patches from Microsoft, particularly critical patches. Last year at this time, Microsoft was averaging seven patches, only two of which were critical. This year, Microsoft has so far averaged close to nine patches, about four of which are critical. To really put things in perspective, by March of 2011, Microsoft was averaging close to six patches, with around one critical patch. We can only hope that this increase is due to a combination of new platforms and better discovery of vulnerabilities, rather than actual ongoing security problems at Microsoft.

