    In Life There Are Two Certainties – Taxes and Patches

    As we approach April 17, we get to deal with both filing our income taxes and a taxing bunch of patches from Microsoft and others. While the overall number of patches from Microsoft is light, we have four critical patches along with two important ones. They impact a wide array of platforms and applications, including Microsoft Windows, IE, .NET, Microsoft Office, SQL Server, Windows Server, Developer Tools and Forefront. Most concerning is that some critical issues seem to impact Windows from the older legacy XP platform. Lately we have come to expect current Windows 7 and Windows 2008 platform issues.

    Paul Henry, security and forensic analyst with Lumension, takes a closer look at the details from Microsoft.

    MS012-23 Rated Critical Cumulative Security Update for Internet Explorer

    Requires a restart. It impacts IE across the family of platforms, corrects five privately reported issues and addresses a remote code issue.

    MS012-24 Rated Critical Vulnerability in Windows

    Requires a restart. This vulnerability impacts third-party signed code and could be used in a man-in-the-middle attack.

    MS012-25 Rated Critical Vulnerability in .NET Framework

    May require a restart. This is a .NET developer issue that could allow remote code execution.

    MS012-27 Rated Critical Vulnerability in Windows Common Controls Code

    May require a restart. This is an ActiveX issue that impacts numerous applications; it could allow remote code execution.

    MS012-26 Rated Important Impacts Forefront UAG

    May require a restart. This vulnerability takes advantage of a UAG Direct Access issue and is an information disclosure issue.

    MS012-28 Rated Important Vulnerability in Microsoft Office

    May require a restart. This is a Microsoft Office write access vulnerability that could allow remote code execution.

    According to Henry, perhaps the bigger story this Patch Tuesday is Apple (and its lack of a formal Patch Tuesday-like program).

    Anyone with Internet access has been reading the stories of Apple products being impacted with yet more malware. This time around it is already impacting an estimated 600,000 Macs, after Apple snubbed the researchers that found the botnet. Apple eventually released a patch that, as always, played down any sense of urgency to empower users to make their own informed decision. If you just so happened to have checked for updates on your Mac recently, you would have seen a note that a Java patch is available:

    “Java for OS X 2012-001 delivers improved compatibility, security, and reliability by updating Java SE 6 to 1.6.0_31.”

    The original patch from Apple was released on April 3rd and then quickly followed up with another patch on April 6th; it is assumed that a glitch in the original patch necessitated a second patch be released by Apple.

    There was no mention from Apple that 600,000 users were infected or that the exploit is clearly being used in the wild. According to Henry, if Apple wants to be taken seriously as an enterprise player, they have to stop trying to hide behind their issues and take a lesson from Microsoft. They need to own up to the vulnerabilities and provide users with enough information to make educated decisions regarding urgency in flaw remediation. It is also interesting to note that it was about 7 weeks after Oracle released a patch for an eerily similar Java issue that Apple addressed the issue (albeit quietly).

    Another recent patch worth mentioning this Patch Tuesday comes from Adobe and fixes two critical vulnerabilities in Flash Player across Solaris, Linux, Mac OS X and Windows platforms. Read more on the Adobe Flash Player patch in the respective Adobe Security Bulletin.

    Google released multiple patches for Chrome this Patch Tuesday period. The latest patch on April 9th addressed 12 security issues and followed the previous patch released just 8 days earlier.

    Mozilla added vulnerable Java plug-ins to its blacklist in an effort to protect users in its latest patch.
