Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Build Apps 5x Faster
For Half the Cost
Enterprise Cloud Computing

On Force.com
Windows Security
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Light Microsoft Patch Tuesday Is a Relief for IT
Light Microsoft Patch Tuesday Is a Relief for IT

By Jennifer LeClaire
September 12, 2012 10:28AM

Bookmark and Share
"This does make you wonder what Microsoft has planned for the October patch. Did Microsoft choose to deliver an extremely small patch this month because they have a monster patch in final testing for next month?" security researcher Andrew Storms asked. "This might be the first month Microsoft has delivered a set of patches that don't require a reboot."
 


In a welcome light month for IT administrators, Microsoft on Tuesday released two security bulletins. Both are rated important.

MS-12-061 fixes a vulnerability in Visual Studio Team Foundation Server. MS12-062 patches a vulnerability in Microsoft System Center Configuration Manager.

"Neither of the issues addressed is known to be under active exploit in the wild -- and, on another positive note, neither bulletin requires customers to restart their machines," said Angela Gunn of Microsoft's Trustworthy Computing. "As always, we recommend that customers deploy all security updates as soon as possible."

Sign of Maturity?

Paul Henry, security and forensic analyst at Lumension, told us he hopes September's light Patch Tuesday is a reflection of the maturity of Microsoft's secure coding initiatives.

"Some vendors scrambled with repeated emergency patches last week just days apart and others seemed to just shrug off multiple day zero vulnerabilities," Henry said. "To the delight of IT pros everywhere though, Microsoft has given us the least disruptive Patch Tuesday we've seen in a long time."

Analyst Surprised

Andrew Storms, director of security operations for nCircle, is surprised there are only two bulletins in this month's patch, because there's definitely a backlog of old bugs in addition to the new ones we already know about. He pointed to MS-CHAP as one example.

"This does make you wonder what Microsoft has planned for the October patch. Did Microsoft choose to deliver an extremely small patch this month because they have a monster patch in final testing for next month?" Storms asked. "This might be the first month Microsoft has delivered a set of patches that don't require a reboot. IT teams focused on uptime and availability metrics will be smiling for the rest of the month."

An Automatic Install

In other security-related news, Security Advisory 2661254, which tightens Windows certificate acceptance rules, deserves attention, according to Wolfgang Kandek, CTO of Qualys. He told us KB2661254 will go into automatic install mode through Windows Update in October, and IT admins should be aware of the consequences.

"The patch will change the Windows certificate system, and it will stop accepting certificates that are using RSA keys with fewer than 1024 bits because those keys are considered forge-able," Kandek said.

"The associated Microsoft Support article explains that the services that are potentially impacted by KB2661254 are Web browsing and e-mail. For more background information on the recent Microsoft Certificate changes, look at Microsoft's reaction to the DigiCert incident and recent events around the Flame malware."

Nine HP Zero-Day Vulnerabilities

Beyond Microsoft, Java has had several issues this year. The two recent zero-day vulnerabilities were highly-publicized after Oracle botched the patch process. Then there's Hewlett-Packard. Lumension's Henry said there are currently nine zero-day vulnerabilities in HP's enterprise products with no patch in sight.

"Eight of these vulnerabilities have been given the highest risk-level rating and they should be keeping IT up at night if they're using any of the affected products," Henry said. "I recommend considering compensating controls while we anxiously wait for HP to address these critical issues."
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Windows Security
1.   Barracuda Secures Microsoft Azure
2.   Windows 7 Ends Mainstream Support
3.   Cybercrime Ring Uncovered in Brazil
4.   Fix on Way for Win 8.1 Upgrade Woes
5.   Android, Win Phone To Get Kill Switch


advertisement
Windows 7 Ends Mainstream Support
But extended support still available.
Average Rating:
Barracuda Secures Microsoft Azure
With updated Web Application Firewall.
Average Rating:
Cybercrime Ring Uncovered in Brazil
Malware hit the boleto payment system.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
New Web Tracking Technologies Defeat Privacy Protections
Recently developed Web tracking tools are able to circumvent even the best privacy defenses, according to a new study by researchers at Princeton and the University of Leuven in Belgium.
 

Enterprise Hardware Spotlight
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.