Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
UCS Invicta: Integrated Flash
Deploy flash memory technology to
deliver peak workload performance.

Find out more>>
Microsoft/Windows
Real-time info services with Neustar
Average Rating:
Rate this article:  
Light Microsoft Patch Tuesday Is a Relief for IT
Light Microsoft Patch Tuesday Is a Relief for IT

By Jennifer LeClaire
September 12, 2012 10:28AM

Bookmark and Share
"This does make you wonder what Microsoft has planned for the October patch. Did Microsoft choose to deliver an extremely small patch this month because they have a monster patch in final testing for next month?" security researcher Andrew Storms asked. "This might be the first month Microsoft has delivered a set of patches that don't require a reboot."
 


In a welcome light month for IT administrators, Microsoft on Tuesday released two security bulletins. Both are rated important.

MS-12-061 fixes a vulnerability in Visual Studio Team Foundation Server. MS12-062 patches a vulnerability in Microsoft System Center Configuration Manager.

"Neither of the issues addressed is known to be under active exploit in the wild -- and, on another positive note, neither bulletin requires customers to restart their machines," said Angela Gunn of Microsoft's Trustworthy Computing. "As always, we recommend that customers deploy all security updates as soon as possible."

Sign of Maturity?

Paul Henry, security and forensic analyst at Lumension, told us he hopes September's light Patch Tuesday is a reflection of the maturity of Microsoft's secure coding initiatives.

"Some vendors scrambled with repeated emergency patches last week just days apart and others seemed to just shrug off multiple day zero vulnerabilities," Henry said. "To the delight of IT pros everywhere though, Microsoft has given us the least disruptive Patch Tuesday we've seen in a long time."

Analyst Surprised

Andrew Storms, director of security operations for nCircle, is surprised there are only two bulletins in this month's patch, because there's definitely a backlog of old bugs in addition to the new ones we already know about. He pointed to MS-CHAP as one example.

"This does make you wonder what Microsoft has planned for the October patch. Did Microsoft choose to deliver an extremely small patch this month because they have a monster patch in final testing for next month?" Storms asked. "This might be the first month Microsoft has delivered a set of patches that don't require a reboot. IT teams focused on uptime and availability metrics will be smiling for the rest of the month."

An Automatic Install

In other security-related news, Security Advisory 2661254, which tightens Windows certificate acceptance rules, deserves attention, according to Wolfgang Kandek, CTO of Qualys. He told us KB2661254 will go into automatic install mode through Windows Update in October, and IT admins should be aware of the consequences.

"The patch will change the Windows certificate system, and it will stop accepting certificates that are using RSA keys with fewer than 1024 bits because those keys are considered forge-able," Kandek said.

"The associated Microsoft Support article explains that the services that are potentially impacted by KB2661254 are Web browsing and e-mail. For more background information on the recent Microsoft Certificate changes, look at Microsoft's reaction to the DigiCert incident and recent events around the Flame malware."

Nine HP Zero-Day Vulnerabilities

Beyond Microsoft, Java has had several issues this year. The two recent zero-day vulnerabilities were highly-publicized after Oracle botched the patch process. Then there's Hewlett-Packard. Lumension's Henry said there are currently nine zero-day vulnerabilities in HP's enterprise products with no patch in sight.

"Eight of these vulnerabilities have been given the highest risk-level rating and they should be keeping IT up at night if they're using any of the affected products," Henry said. "I recommend considering compensating controls while we anxiously wait for HP to address these critical issues."
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Microsoft/Windows
1.   Win Phone 8.1 Update Already on Way
2.   Yammer Moved to Office 365
3.   Can One Size Windows OS Fit All?
4.   Microsoft CEO Sees 'Bold' Plan Ahead
5.   Future of Laid-Off MS Employees


advertisement
Microsoft CEO Sees 'Bold' Plan Ahead
With unified Windows for all platforms.
Average Rating:
Design Central to Microsoft Future
New ethos a break from functional past.
Average Rating:
Bing Lets Europeans Be 'Forgotten'
Following in Google's footsteps.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Canadian Government Charges China With Cyberattack
The government of Canada is not happy with China. Canadian officials have accused "a highly sophisticated Chinese state-sponsored actor" of launching a cyberattack on its National Research Council.
 
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 

Enterprise Hardware Spotlight
Apple Updates MacBook Pros, Cuts Prices Up to $100
The popular MacBook Pro laptop line just got an update and a price cut of as much as $100. The MacBook Pro with Retina display now includes faster processors and double the memory.
 
Watson Gets His First Customer Service Gig
Since appearing on Jeopardy, IBM's Watson supercomputer has been making a living using his super-intelligent knowledge base for business verticals. Now, Watson's been hired for his first customer service job.
 
Tablet Giants Apple and Samsung Feel the Heat
When a company saturates its home market with a once-hot product, expect it to pump up efforts elsewhere. Apple, for its part, is now pushing iPads to big corporations and the enterprise market.
 

Mobile Technology Spotlight
Android 'Fake ID' Puts Millions of Users at Risk
Having this fake ID is nothing to brag about, even if you are a minor. The “Fake ID” Android flaw drops malware into smartphone apps. It can steal credit card data and even take over your device.
 
FTC Wants Fix for 'Perfect Scam' of Mobile Cramming
The U.S. Federal Trade Commission has issued new guidelines to curb “mobile cramming,” a troublesome practice that adds unauthorized third-party charges to mobile phone bills.
 
Facebook: You Will Use Messenger, and You Will Like It
Starting this week, Facebook users with Android and iOS phones will be forced to use the separate Messenger app to send Facebook messages. Pending messages will still be visible in the main app.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.