Unless you’re new to IT, you’re probably aware that today—the second Tuesday of the month—is Microsoft Patch Day. As expected, Microsoft released nine security bulletins today, fixing 13 vulnerabilities across products like Internet Explorer (IE), Windows and its components, Sharepoint Server, and a few other Office server products. The worst two, Critical-rated updates fix security problems in IE and the Remote Desktop Client (RDC) that ships with Windows (specifically, its ActiveX control).
Next Tuesday, Microsoft will release nine security bulletins, two of which the Redmond-based software company rates as Critical. The bulletins will fix flaws in Windows, Internet Explorer (IE), Office, and some of Microsoft’s server and security software. As usual, they haven’t shared many details yet, but some experts expect the critical IE update to fix the zero day vulnerabilities disclosed at CanSecWest’s recent Pwn2Own contest. Either way, I expect the IE flaws to pose the greatest risk to most users, so you should plan on applying that patch as quickly as possible.
Though today’s Patch Day might seem pretty average as far as the number of security bulletins released, it does cover a rather eclectic range of Microsoft products. In fact, a few of the updates affect Mac users as well, and one is even exclusive to Mac.
We’re coming upon that time of the month again for Microsoft administrators; patch time. According to the latest Advanced Notification page, our Microsoft friends plan on releasing seven security bulletins next Tuesday. The bulletins will including updates to fix security vulnerabilities in Windows, Office, Internet Explorer (IE), Silverlight, and some of their Server Software.
This week’s InfoSec news video comes from the 2013 RSA Security Conference in San Francisco. As such, much of the episode covers the major themes from the show flow. However, cyber attackers don’t take a break just because the security industry is having a pow-wow.
Though not the biggest on record, today’s Patch Day is no slouch.
As expected, Microsoft released a dozen security bulletins, fixing 57 vulnerabilities that affect a range of their software, including:
February looks to be a busy month for Microsoft administrators. According to the latest advanced patch notification, the Redmond-based software company plans to release a dozen security bulletins next Tuesday. The bulletins will fix security flaws in Windows, Internet Explorer (IE), Office, the .NET Framework, and Exchange server. Microsoft rates five of the bulletins as Critical, and the rest as Important.
Red October, Cisco WLAN Updates, and Expelled Hacker Welcome to another “on the road” edition of WatchGuard Security Week in Review, the video podcast dedicated to summarizing the biggest InfoSec stories each week. This week’s episodes covers a Cisco wireless controller security update, Kaspersky’s investigation into the Red October cyber-espionage campaign, and the controversy surrounding an expelled “white hat” hacker. For more details on those stories and others, watch the short video below.
Ready for a weekly dose of InfoSec? This episode has a strong “patch” theme, with many vendors releasing some big security updates this week. Besides the patches, I also cover a few new 0day exploits, including a serious Java one getting leveraged quite a bit in the wild, and a couple crazy sounding security-related news items. If you want all the details, click play below, or check out the Reference section.
Besides all the Windows and Windows component-related bulletins from today, Microsoft also released a relatively minor bulletin about two cross-site scripting (XSS) vulnerabilities that affect Microsoft System Center Operations Manager (SCOM) 2007.