CIO Today

CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
Daily Briefing for Technology's Top Decision-Makers
Neustar, Inc.
Protect your website & network
using real-time information & analysis

www.neustar.biz
Thursday, April 24th 
Next Generation Data Center Is Here!
This ad will display for the next 20 seconds. Please click for more information, or scroll down to pass the ad, or Close Ad.
Trending Topics:   Security Heartbleed Big Data Cloud Computing Windows XP Data Centers OS X Mavericks
Home
Enterprise Software
Enterprise Hardware
Big Data
Network Security
Cloud Computing
CRM Systems
Data Storage
Operating Systems
Communications
CIO Issues
Mobile Tech
Chips & Processors
World Wide Web
Business Briefing
After Hours
Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

Network Security

Microsoft Patch Tuesday To Bring Heavy Office Emphasis

Microsoft Patch Tuesday To Bring Heavy Office Emphasis
March 8, 2013 10:56AM

Bookmark and Share
"The focus has changed direction from last month, where Office wasn't addressed, to four of seven advisories this month relating to Office," said security expert Ross Barrett about Microsoft's next Patch Tuesday. Of the seven security fixes Microsoft is releasing for Patch Tuesday, four are rated as critical.

Your Next Generation Data Center Is Here! Vblock™ Systems: the world's most advanced converged infrastructure are built on the Cisco Unified Computing System with Intel® Xeon® processors. Vblock™ Systems deliver extraordinary time to market, ROI and TCO, and flexibility to meet your continually changing demands with 5X faster deployment, 96% less downtime, and 1/2 the cost. Click here to learn more.

Call it March Madness. Microsoft on Tuesday will roll out seven security bulletins. Four of the bulletins are rated critical and three are rated important -- and some require restarts.

The critical bulletins affect Microsoft Windows, Silverlight for Office, and Microsoft Server software. The other bulletins aim to fix vulnerabilities in Office and Windows.

"IT admins can't seem to catch a break this year. First, the never-ending stream of Java issues that has kept folks on their toes since January," said Paul Henry, a security and forensic analyst at Lumension. "Now they've got another busy month of patches ahead of them, with seven total patches from Microsoft, four of which are critical. However, once again the issues outside of Microsoft will likely eclipse the Patch Tuesday issues this month."

A Heavy Office Focus

Ross Barrett, senior manager of security engineering at Rapid 7, told us it was interesting that Bulletin 1 does not list Internet Explorer 10 on Windows 7 as vulnerable. It may be an omission, he said, or it may be that the fix was included when IE 10 was released for Windows 7 systems last week. Regardless, he said, this is where he would prioritize his patching efforts.

"From this vantage, my gut feel is that Bulletin 3 is the second most important to patch, followed by either of the two other critical issues," Barrett said. "The information disclosure issues in Office I would patch when it isn't going to impact your users in any way. One of them, at least, will not require a restart."

Barrett also pointed to Bulletin 4, which is only an "elevation of privilege" vulnerability. Still, he said, it's listed as critical. That may mean that it is remotely exploitable with a known user name, or that it is already being exploited in the wild.

Meanwhile, Bulletin 2 is listed as critical in Silverlight, which is interesting to Barrett since Silverlight is not among Microsoft's most popular apps. He suggested users who have installed Silverlight should deploy this patch quickly since the risk would be on par with a Flash vulnerability.

"The focus has changed direction from last month, where Office wasn't addressed, to four of seven advisories this month relating to Office," Barrett said. "It seems likely that the seventh bulletin is another Windows kernel or kernel driver issue, since it is a core operating system vulnerability, requires a restart, and the risk is elevation of privilege."

PWN2OWN Results

In other security news, the ZDI's PWN2OWN competition is going on at the CanSecWest security conference in Vancouver. PWN2OWN awards prizes ranging from $20,000 to $100,000 to security researchers that demonstrate vulnerabilities in Adobe Flash, Adobe Reader, Google Chrome, Internet Explorer, Firefox and Java.

"In Wednesday's run, prizes have been claimed for Oracle Java by James Forshaw, Oracle Java again by Joshua Drake, IE10 on Windows 8 by VUPEN, Google Chrome on Windows 7 by a team from MWR Labs, John and Nils, and finally Mozilla Firefox and Oracle Java, both by the team at VUPEN," said Wolfgang Kandek, CTO at Qualys. "You can expect patches for these vulnerabilities to be released over the coming weeks."

Tell Us What You Think
Comment:

Name:



 Network Security
1. Fund Seeks To Head Off Heartbleeds
2. Lessons from Verizon's Threat Report
3. Verizon Report Exposes Cyberthreats
4. How Are Web Sites Post-Heartbleed?
5. White House Updating Privacy Policy




 Most Popular Articles
1. BlackBerry Drops T-Mobile After Nasty Spat
2. Cisco, IBM Launch Internet of Things Consortium
3. Salesforce CRM Gets Industry Specific for Internet of Customers
4. Intel Bets on Cloudera for Big Data Analytics
5. SAP HANA Data Warehouse App Gets Faster Analytics

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  IBM Targets Big Data with Power8 Line
  Opera Coast Offers Safari Alternative
  FCC Defends Internet Traffic Proposal
  Fund Seeks To Head Off Heartbleeds
  Salesforce Developing App SOS Button

 Technology Marketplace
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
Cloud Computing
Next Generation Data Center Is Here! Vblock™ Systems from VCE
 
Contact Centers
HP delivers the future of the contact center with HP Qfiniti 10.
 
Data Storage
Next Generation Data Center Is Here! Vblock™ Systems from VCE
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Enterprise Hardware
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Hardware
Protect your network with APC Smart-UPS battery backup
 
Network Security
Protect your network with APC Smart-UPS battery backup
 

Network Security Spotlight
Tech Giants Fund Initiative To Prevent Future Heartbleeds
Can more funding prevent Heartbleed vulnerabilities in future open-source software? A new Core Infrastructure Initiative at the Linux Foundation is attempting to find out.
 
What Verizon's Data Breach Report Can Teach Enterprises
It’s probably not a jaw-dropper, but cyberespionage is officially on the rise. And the use of stolen or misused credentials is still the leading way the bad guys gain access to corporate information.
 
Top Cyberthreats Exposed by Verizon Report
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Navigation
CIO Today
Home/Top News | Enterprise Software | Enterprise Hardware | Big Data | Network Security | Cloud Computing | CRM Systems
Data Storage | Operating Systems | Communications | CIO Issues | Mobile Tech | Chips & Processors | World Wide Web
Business Briefing | After Hours | Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 CIO Today. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.