No Love for IT this Valentine’s Day

MS13-020 is an update to OLE (Object Linking and Embedding) Automation. The impact of this bulletin is limited, affecting only XP Service Pack 3. However, it should be a very high priority for XP users because it is a remote code execution issue. Risk is mitigated slightly because authentication is required for execution. The primary attack vector for this vulnerability would be the parsing of RTF files in email through OLE Automation.

According to Paul Henry, security and forensic analyst at Lumension, it’s going to be a rough Valentine’s Day for many IT admins this month. With ongoing issues with Java and 12 bulletins from Microsoft, including five critical issues and many restarts, it’s going to be a very disruptive Patch Tuesday.

It’s disturbing to note how many different Microsoft platforms are critically affected this month. Everything from Windows XP to the new Windows RT is critically impacted. It’s never a good sign when your current code base is impacted. There are also many more bulletins this month than we’ve seen in the last few months. Henry noted in December that 2012 brought more consistency and stability to Patch Tuesday than we saw in 2011. He hopes that this month is a one-time spike and not a return to the yo-yo pattern of 2011.