This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Microsoft to deliver 12 patches next week, with five rated as critical

Share this article:
Microsoft to release 13 bulletins covering 22 vulnerabilities on its August Patch Tuesday
Microsoft to release 13 bulletins covering 22 vulnerabilities on its August Patch Tuesday

Microsoft is to release 12 bulletins next Tuesday, including five critical patches, to cover 57 vulnerabilities.

Covering critical flaws in Windows, Internet Explorer and Exchange Software and important-rated issues in Windows, Office, the .Net Framework and Microsoft Server Software, it follows the seven bulletins released in January and the emergency patch for Internet Explorer.

Ziv Mador, director of security research at Trustwave, said: “The advance notification of Patch Tuesday from Microsoft has 12 bulletins listed for this month. Not a small number by any means, but not completely unmanageable either.

“There will be six bulletins addressing remote code execution, four for elevation of privilege and two for denial-of-service. Two of the critical ones are in Internet Explorer, which can't be good; the other critical ones are in Windows and Microsoft Exchange 2007 and 2010.

“The two critical bulletins in Internet Explorer seem to impact all versions, which include 6, 7, 8, 9 and 10. This will probably make these two the most critical of all the critical patches this month.

“Everything else this month looks pretty run of the mill as far as Microsoft patches go; not to say they aren't important, just not as dramatic as critical patches for IE and Exchange. Also this month look for an update to the Microsoft Windows Malicious Software Removal Tool. We should see the full release from Microsoft on schedule next Tuesday.”

Andrew Storms, director of security operations for nCircle, said: “Coming off a rocky start to 2013, Microsoft's planning on sending out a tough love valentine next week with 12 security bulletins.

“The dirty dozen affects a wide range of operating system versions and includes Exchange Server, a critical business application. Over the past few months Microsoft has released a number of bug fixes for Oracle's Outside In technology used by Exchange Server, but none of the bugs fixed represented severe threats. Exchange Server bugs make a lot of people nervous; let's hope this month's Exchange patch is as dull as ditch water.

Internet Explorer patches are always a top priority and this month we're going to get two Internet Explorer bulletins. That's unusual because generally, when Microsoft patches IE, the patch is delivered as a single bulletin. The planned delivery of two separate IE bulletins has my ‘Spidey' senses on alert. I'm sure other IT security teams are wondering exactly what kind of IE valentine we're going to get.”

Ross Barrett, senior manager of security engineering at Rapid7, said: “The February 2013 Microsoft Patch Tuesday bulletin was released with 12 advisories and is bigger than average, which means security and IT teams will be busier than average. It's both good and bad news that the patches are mostly clustered on Windows Operating System, without dipping too much into Office or more esoteric specialty Microsoft products.

It's good because administrators probably don't have to worry about applying multiple patches for the same advisory to a single host; it's bad because an organisation with even the simplest deployment of Microsoft products will probably be hit by all of these advisories, meaning their desktop and server teams will be extra busy.”

Wolfgang Kandek, CTO of Qualys, said: “Today Microsoft published its Advance Notice for this month's Patch Tuesday. But more importantly Adobe released out-of-band a new version of its Flash Player that fixes two vulnerabilities that are already being exploited in the wild on both Windows and Mac OS X.

“Update your Flash installations as quickly as possible. Users of Google Chrome and Internet Explorer 10 will get their Flash update automatically from Google and Microsoft respectively.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Targeted spear phishing campaign targets governments, law enforcement

Targeted spear phishing campaign targets governments, law enforcement

Kaspersky Lab claims to have identified a highly targeted spear phishing campaign that picks on high profile victims - including government, military, law enforcement agencies and embassies.

Malaysian investigators 'hacked' for confidential MH370 records

Malaysian investigators 'hacked' for confidential MH370 records

Around 30 computers at Malaysian law enforcement agencies looking into the disappearance of the MH370 airplane have reportedly been hacked, with perpetrators making off with confidential data on the aircraft.

75,000 reasons not to jailbreak your iPhone or iPad

75,000 reasons not to jailbreak your iPhone or ...

Malicious AdThief malware replaces adverts appearing on Apple users screens