Top Tech News

CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
News & Product Reviews for Tech Leaders
Thursday, April 24th 
24/7/365 Network Uptime!
Trending Topics:   Security Heartbleed Big Data Cloud Computing Windows XP Data Centers OS X Mavericks
Home
Network Security
Tech Trends
Cloud Computing
Hardware
Applications
Microsoft/Windows
Apple/Mac
Mobile Tech
World Wide Web
Big Data
Communications
Hackers
Chips & Processors
Linux/Open Source
Personal Tech
Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

Microsoft/Windows

Ho-Hum Patch Tuesday Missing IE Zero-Day Fix

Ho-Hum Patch Tuesday Missing IE Zero-Day Fix
January 9, 2013 10:32AM

Bookmark and Share
This Patch Tuesday may be average, but that doesn't mean it'll be an easy one for IT. There are a lot of restarts and they affect nearly all Windows operating systems. That's what security analyst Paul Henry told us. He also found it interesting, but not surprising, that Microsoft was still working on a fix for the Internet Explorer zero-day vulnerability.

Your Next Generation Data Center Is Here! Vblock™ Systems: the world's most advanced converged infrastructure are built on the Cisco Unified Computing System with Intel® Xeon® processors. Vblock™ Systems deliver extraordinary time to market, ROI and TCO, and flexibility to meet your continually changing demands with 5X faster deployment, 96% less downtime, and 1/2 the cost. Click here to learn more.

Microsoft on Tuesday launched its first patches for 2013. The release offered seven security bulletins. Two are rated critical and five are rated important.

Andrew Storms, director of security operations for nCircle, said the XML bug should be at the top of everyone's "patch immediately" list. That, he said, is because this bug is going to be a popular target for attackers.

"If you can't do anything else right away, at least patch this one post haste," Storms told us. "This critical XML bug affects every version of Windows in one way or another because XML is used by a wide range of operating system components."

More Attacks Coming

Storms also pointed to an interesting bug in Microsoft's print spooler this month. Print spooler bugs played a role in the infamous Stuxnet malware, but Storms said this bug isn't anything like the vulnerability Stuxnet exploited.

"This bug requires a watering hole-style attack method, so it'll be pretty popular in attacker forums," Storms said. "This bug should also be patched pronto. Security researchers have confirmed that they can bypass the just released fix-it for the new IE zero-day bug. This news, combined with the fact that attack code for the basic exploit has already made its way into popular toolkits, is not good."

Storms predicted IT would continue to see an increase in attacks until Microsoft releases a patch for this flaw. He said it wouldn't surprise him to see an out-of-band patch in the next two weeks for this. As he sees it, this doesn't bode well for 2013, as Microsoft only released one out-of-band patch in all of 2012 and only one in 2011.

Boring Patches

Tyler Reguly, technical manager of security research and development, reminded us that in many years past Microsoft has started the New Year off with a bang. The patch of the year in 2010 was OpenType Font Code Execution, and the SMB Remote Code Execution was first in 2009. And it was TCP/IP Remote Code Execution that made headlines in January 2008.

"The last couple of years have had relatively boring 001 patches, and this year is no different. MS13-001 is assigned to a vulnerability affecting the print spooler. The print spooler itself isn't directly involved; it's third-party products that query it," Reguly said.

"Cross-site scripting (XSS) is part of the inaugural Patch Tuesday of 2013. In the past, patching one XSS in a product for Microsoft has often led to other XSS flaws being discovered that year, so this may be the start of a 2013 trend. Instead of SharePoint XSS patches, this may be the year of SCOM XSS patches." (continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Comment:

Name:



 Microsoft/Windows
1. Officials Reveal Microsoft Data Center
2. Microsoft, BMC Targeting VMware
3. Cortana Fills Windows Phone Gap
4. Review: Windows Embraces the Past
5. Patch Tuesday Offers Critical Fixes




 Most Popular Articles
1. Resetting All Passwords Now May Be Worst Heartbleed Fix
2. Silverpop: IBM Marketing Portfolio Gets Personal
3. Is Heartbleed the Biggest Web Security Threat Ever?
4. Analyst: Samsung Galaxy S5 Won't Sway iPhone Lovers
5. VMware Leverages AirWatch's MDM Tech in Horizon 6

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  Google Maps, Now with Time Travel
  Lessons from Verizon's Threat Report
  NYPD Twitter Campaign Backfires
  Net Gets Faster, But Easier to Attack
  OnePlus One Boasts Android Weapon

 Technology Marketplace
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
Cloud Computing
Next Generation Data Center Is Here! Vblock™ Systems from VCE
 
Contact Centers
HP delivers the future of the contact center with HP Qfiniti 10.
 
Data Storage
Next Generation Data Center Is Here! Vblock™ Systems from VCE
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Enterprise Hardware
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Hardware
Protect your network with APC Smart-UPS battery backup
 
Network Security
Protect your network with APC Smart-UPS battery backup
 

Network Security Spotlight
What Verizon's Data Breach Report Can Teach Enterprises
It’s probably not a jaw-dropper, but cyberespionage is officially on the rise. And the use of stolen or misused credentials is still the leading way the bad guys gain access to corporate information.
 
Top Cyberthreats Exposed by Verizon Report
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Where Do Web Sites Stand, Post-Heartbleed?
A security firm says the vast majority of Web sites have patched themselves to protect against the Heartbleed bug, but now there are questions raised on the reliability of open-source programs.
 
Navigation
Top Tech News
Home/Top News | Network Security | Tech Trends | Cloud Computing | Hardware | Applications | Microsoft/Windows
Apple/Mac | Mobile Tech | World Wide Web | Big Data | Communications | Hackers | Chips & Processors
Linux/Open Source | Personal Tech | Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 Top Tech News. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.