The Security Detail

Feb 8 2013   9:15AM GMT

Microsoft has massive Patch Tuesday planned for next week

Tony Bradley

Get ready. Microsoft is unleashing 12 security bulletins next Tuesday to address a whopping 57 separate vulnerabilities.

Andrew Storms, director of security operations for nCircle, explains, “The dirty dozen affects a wide range of operating system versions and includes Exchange Server, a critical business application. Over the past few months Microsoft has released a number of bug fixes for Oracle’s Outside In technology used by Exchange Server, but none of the bugs fixed represented severe threats. Exchange server bugs make a lot of people nervous; let’s hope this month’s Exchange patch is as dull as ditch water.”

According to the Microsoft Advance Notification, five of the 12 security bulletins are rated as Critical, while the remaining seven are Important.

Alex Horan, senior product manager, CORE Security, says, “This month we see some significant vulnerabilities with the potential to create a formidable one-two punch, which could be key to hackers unleashing the most powerful attacks in their arsenals. When these exploits are used in the right combination, the effects can be deadly for system administrators.”

Rapid7’s Senior Manager of Security Engineering, Ross Barrett, tries to find some silver lining: “It’s both good and bad news that the patches are mostly clustered on Windows Operating System, without dipping too much into Office or more esoteric specialty Microsoft products. It’s good because administrators probably don’t have to worry about applying multiple patches for the same advisory to a single host. It’s bad because an organization with even the simplest deployment of Microsoft products will probably be hit by all of these advisories, meaning their desktop and server teams will be extra busy.”

Storms has some concerns about Internet Explorer. “Internet Explorer patches are always a top priority and this month we’re going to get two Internet Explorer bulletins. That’s unusual because generally, when Microsoft patches IE, the patch is delivered as a single bulletin. The planned delivery of two separate IE bulletins has my ‘Spidey’ senses on alert. I’m sure other IT security teams are wondering exactly what kind of IE valentine we’re going to get.”

Qualys CTO Wolfgang Kandek points out that Microsoft is not the only vendor issuing patches. “Adobe released out-of-band a new version of its Flash Player that fixes two vulnerabilities that are already being exploited in the wild. Update your Flash installations as quickly as possible – Users of Google Chrome and Internet Explorer 10 will get their Flash update automatically from Google and Microsoft respectively.”

I hope you didn’t have anything going on for Valentine’s Day, because you might be busy.

2  Comments on this Post

  • Tony Bradley
    [...] Tuesday, but Microsoft comes pretty close. For the February 2013 Patch Tuesday, Microsoft has a whopping 12 security bulletins, which fix a mind-numbing 57 separate [...]