Patch Tuesday: A sack full of critical updates
Microsoft said the next Patch Tuesday will include seven security updates that fix 11 flaws. Those for IE, Exchange and Word are rated critical on various versions of Windows, including the latest.
Five of the seven updates are classified as critical, the highest threat rating used by the Redmond company. The other two are rated important. Andrew Storm, Operational Director at nCircle Security, and Paul Henry, a researcher at Lumension, rank the IE 10 update as the priority. For Paul Henry, "bugs relate to flaws in memory management." Attackers can exploit these errors through "drive-by" attacks.
For this Patch Tuesday, only IE 9 and IE 10 are concerned, but other versions of the browser may be impacted. The Redmond company has rarely published code changes to strengthen the security of a product, especially when it is not technically vulnerable to attack. This is a prophylactic measure to prevent "that in the future a flaw is found in older versions of the browser exploit," said Andrew Storm. This is the second month in which the patches affect IE. In November, three critical flaws were repaired in IE 9. At the time, Andrew Storm suspected that Microsoft had managed to correct flaws in IE 10 before the commercial launch of Windows 8 on October 26.
Critical flaws in Word and Exchange
Other updates address one or more critical vulnerabilities in Windows, including version 8 and RT. They also address a critical bug in Word 2003, 2007 and 2010 and in Exchange 2007 and 2010. Andrew Storm returns to this last point: "Exchange is one of the most critical applications in commercial and it is not something that can be stopped, especially in December." However, he does not say to apply the Exchange update immediately, because the holiday season and New Year are often crucial for businesses.
Paul Henry, who has regular contact with Microsoft, believes that the Exchange update concerns flaws discovered in the Outside In library code, which the Redmond company licenses from Oracle. The mail server uses these libraries to display attachments in a browser rather than opening them locally in Word. Bugs have been discovered in the past in the code that parses Exchange attachments. Oracle corrected two flaws in Outside In on October 16.
Finally, on the statistics side, if the next Patch Tuesday stays at 7 updates, Microsoft will have issued 83 security bulletins in 2012, a decrease of 17% compared with 2011 (100 updates). The number of patches, by contrast, declines by only 5%, to 196 in 2012 against 206 in 2011.