
Microsoft's Valentine's gift: nine bulletins with four critical centres


Microsoft will release nine bulletins to address 21 vulnerabilities in Windows, Office, Internet Explorer and .NET/Silverlight on its next Patch Tuesday.

Scheduled to be released on 14 February, the load will include four critical patches for Windows, Internet Explorer and .NET/Silverlight, while the remaining five patches will be rated as important and affect Windows and Office.

Andrew Storms, director of security operations at nCircle, said: “Microsoft is planning to deliver a big ‘Valentine’ next Tuesday. Their advance notification indicated they plan to release nine bulletins and 21 CVEs next Tuesday; this is very consistent with February 2011's ‘Valentine delivery’ that included 12 bulletins and 22 CVEs.

“It's surprising that this month's patch affects almost every Windows operating system, each OS is affected by five of the eight applicable bulletins. That's kind of weird because newer OS versions are generally more secure.

“It's even more surprising that Windows Server 2008 R2 is affected by the greatest number of bulletins. Generally, we see fewer bugs on server-side operating systems and this is doubly true for Server 2008 since so many of its newer mitigations and default settings protect the OS even when bugs are found.”

Paul Henry, security and forensic analyst at Lumension, said: “IT continues to benefit from Microsoft's security initiatives in 2012 with comparatively lower numbers year on year. This month, IT should prioritise the four critical bulletins first as all of them likely require a restart.

“The light patch load from Microsoft does not mean IT can sit back and relax, however. A significant patch update from Oracle came out recently and, as always, threats targeting Java must be addressed.”

Wolfgang Kandek, CTO of Qualys, said the critical update to Internet Explorer should be the highest priority, especially as attackers are quickly incorporating browser-based attacks into their toolkits, with an exploit for MS12-004 detected 15 days after Patch Tuesday.

“There are also two critical fixes for Windows itself, plus one for the .NET framework that should be prioritised. In the 'important' category, there are three Remote Code Execution vulnerabilities, one of them in Office. Most likely we are looking at file-based attacks and at least the Office vulnerability should be included in your first tier of patching,” he said.
