The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
You are here: Home / Data Security / Light MS Patch Tuesday Is a Relief
Is your endpoint data protected?
Light Microsoft Patch Tuesday Is a Relief for IT
Light Microsoft Patch Tuesday Is a Relief for IT
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
SEPTEMBER
12
2012


In a welcome light month for IT administrators, Microsoft on Tuesday released two security bulletins. Both are rated important.

MS-12-061 fixes a vulnerability in Visual Studio Team Foundation Server. MS12-062 patches a vulnerability in Microsoft System Center Configuration Manager.

"Neither of the issues addressed is known to be under active exploit in the wild -- and, on another positive note, neither bulletin requires customers to restart their machines," said Angela Gunn of Microsoft's Trustworthy Computing. "As always, we recommend that customers deploy all security updates as soon as possible."

Sign of Maturity?

Paul Henry, security and forensic analyst at Lumension, told us he hopes September's light Patch Tuesday is a reflection of the maturity of Microsoft's secure coding initiatives.

"Some vendors scrambled with repeated emergency patches last week just days apart and others seemed to just shrug off multiple day zero vulnerabilities," Henry said. "To the delight of IT pros everywhere though, Microsoft has given us the least disruptive Patch Tuesday we've seen in a long time."

Analyst Surprised

Andrew Storms, director of security operations for nCircle, is surprised there are only two bulletins in this month's patch, because there's definitely a backlog of old bugs in addition to the new ones we already know about. He pointed to MS-CHAP as one example.

"This does make you wonder what Microsoft has planned for the October patch. Did Microsoft choose to deliver an extremely small patch this month because they have a monster patch in final testing for next month?" Storms asked. "This might be the first month Microsoft has delivered a set of patches that don't require a reboot. IT teams focused on uptime and availability metrics will be smiling for the rest of the month."

An Automatic Install

In other security-related news, Security Advisory 2661254, which tightens Windows certificate acceptance rules, deserves attention, according to Wolfgang Kandek, CTO of Qualys. He told us KB2661254 will go into automatic install mode through Windows Update in October, and IT admins should be aware of the consequences.

"The patch will change the Windows certificate system, and it will stop accepting certificates that are using RSA keys with fewer than 1024 bits because those keys are considered forge-able," Kandek said.

"The associated Microsoft Support article explains that the services that are potentially impacted by KB2661254 are Web browsing and e-mail. For more background information on the recent Microsoft Certificate changes, look at Microsoft's reaction to the DigiCert incident and recent events around the Flame malware."

Nine HP Zero-Day Vulnerabilities

Beyond Microsoft, Java has had several issues this year. The two recent zero-day vulnerabilities were highly-publicized after Oracle botched the patch process. Then there's Hewlett-Packard. Lumension's Henry said there are currently nine zero-day vulnerabilities in HP's enterprise products with no patch in sight.

"Eight of these vulnerabilities have been given the highest risk-level rating and they should be keeping IT up at night if they're using any of the affected products," Henry said. "I recommend considering compensating controls while we anxiously wait for HP to address these critical issues."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
IT departments are embracing cloud backup, but there's a lot you need to know before choosing a service provider. Learn all the critical things you need to know by accessing the white paper, "5 Things You Didn't Know About Cloud Backup". Access the White Paper now.
MORE IN DATA SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Dairy Queen Latest Retailer To Report Hack
Known for its hot fries and soft-serve ice cream, Dairy Queen just made cyber history as the latest victim of a hack attack. The fast food chain said that customer data at some stores may be at risk.
 
Lessons from the JPMorgan Chase Cyberattack
JPMorgan Chase is investigating a likely cyberattack. The banking giant is cooperating with law enforcement, including the FBI, to understand what data hackers may have obtained.
 
Who Is the Hacker Group Lizard Squad?
Are they dangerous or just obnoxious? That’s what many are wondering about the hacker group Lizard Squad, which tweeted out a bomb threat that grounded a flight with a Sony exec aboard.
 

Enterprise Hardware Spotlight
Intel Intros Lightning-Fast PC Processors
Call it extreme. Intel just took the covers off its first-ever eight-core desktop processor, which is aimed at hardcore power users who expect more than the status quo from their computers.
 
HP Previews ProLiant Gen9 Data Center Servers
Because traditional data center and server architectures are “constraints” on businesses, HP is releasing new servers aimed at faster, simpler and more cost-effective delivery of computing services.
 
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 

Mobile Technology Spotlight
iWatch Watch: What Will Apple Ask Us To Wear?
There are still more questions than answers when it comes to details about the smart watch Apple seems poised to debut on Sept. 9. In fact, nobody seems completely sure that it will be a smart watch at all.
 
Google Successfully Tests Its Own Delivery Drone
While top technology companies are engaged in an "arms race" to develop drones that can quickly deliver goods to anyone anywhere, Google has revealed it successfully tested its own version.
 
Will iPhone Finally Catch Up with NFC Mobile Payment Ability?
Apple's latest version of the iPhone may have a mobile wallet to pay for purchases with a tap of the phone. The iPhone 6 reportedly is equipped with near-field communication (NFC) technology.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.