HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 13 MINUTES AGO.
You are here: Home / Windows Security / Year's First MS Patch Tuesday Ho-Hum
Druva Endpoint Backup:
Enterprises Realize Simple Secure Backup with Druva
www.druva.com
Ho-Hum Patch Tuesday Missing IE Zero-Day Fix
Ho-Hum Patch Tuesday Missing IE Zero-Day Fix
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
09
2013

Microsoft on Tuesday launched its first patches for 2013. The release offered seven security bulletins. Two are rated critical and five are rated important.

Andrew Storms, director of security operations for nCircle, said the XML bug should be at the top of everyone's "patch immediately" list. That, he said, is because this bug is going to be a popular target for attackers.

"If you can't do anything else right away, at least patch this one post haste," Storms told us. "This critical XML bug affects every version of Windows in one way or another because XML is used by a wide range of operating system components."

More Attacks Coming

Storms also pointed to an interesting bug in Microsoft's print spooler this month. Print spooler bugs played a role in the infamous Stuxnet malware, but Storms said this bug isn't anything like the vulnerability Stuxnet exploited.

"This bug requires a watering hole-style attack method, so it'll be pretty popular in attacker forums," Storms said. "This bug should also be patched pronto. Security researchers have confirmed that they can bypass the just released fix-it for the new IE zero-day bug. This news, combined with the fact that attack code for the basic exploit has already made its way into popular toolkits, is not good."

Storms predicted IT would continue to see an increase in attacks until Microsoft releases a patch for this flaw. He said it wouldn't surprise him to see an out-of-band patch in the next two weeks for this. As he sees it, this doesn't bode well for 2013, as Microsoft only released one out-of-band patch in all of 2012 and only one in 2011.

Boring Patches

Tyler Reguly, technical manager of security research and development, reminded us that in many years past Microsoft has started the New Year off with a bang. The patch of the year in 2010 was OpenType Font Code Execution, and the SMB Remote Code Execution was first in 2009. And it was TCP/IP Remote Code Execution that made headlines in January 2008.

"The last couple of years have had relatively boring 001 patches, and this year is no different. MS13-001 is assigned to a vulnerability affecting the print spooler. The print spooler itself isn't directly involved; it's third-party products that query it," Reguly said.

"Cross-site scripting (XSS) is part of the inaugural Patch Tuesday of 2013. In the past, patching one XSS in a product for Microsoft has often led to other XSS flaws being discovered that year, so this may be the start of a 2013 trend. Instead of SharePoint XSS patches, this may be the year of SCOM XSS patches."

Boring, But Not Easy

This month may be average, but that doesn't mean it'll be an easy one for IT. There are a lot of restarts this month and they affect nearly all Windows operating systems. That's what Paul Henry, security and forensic analyst at Lumension, told us. He also found it interesting, but not surprising, that Microsoft was still working on a fix for the IE zero-day vulnerability.

"If you haven't already, install the FixIt workaround, especially if you're using an older version of IE. There have been reports that the FixIt can be bypassed," Henry said. "We always recommend that you work from the latest version of any software, as that will be the most secure. As this vulnerability only affects older versions of IE, upgrading may be the best way to avoid the vulnerability."

Henry also pointed out that Microsoft last Thursday revoked three certificates from a Turkish certificate authority, EKO, which had been issued to Google.com. Microsoft moved them to the untrusted store, following on the heels of what Google and Mozilla have already done.

"If you're running on anything below Windows 8, be sure to check for the updates to those certificates. If you're on Windows 8 or above, you should be safe because your certificates will automatically be updated. We always advise you to use automatic updates to be sure they are always protected by the most recent certificates," Henry said.

"There is also an Nvidia display driver issue being fixed by Nvidia right now. Unfortunately, Microsoft's Driver Logo Program, which vets all drivers before re-releasing them, may slow the release of this patch to Microsoft users. This issue does affect both Windows 8 and Windows RT."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN WINDOWS SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
The FBI is pointing the finger of blame for the Sony Pictures cyberattack directly at North Korea. The hackers stole confidential data and caused the movie giant to can its new comic film, "The Interview."

ENTERPRISE HARDWARE SPOTLIGHT
Almost half of consumer, industry and life sciences manufacturers are expected to be using 3D printers within three years and now 3D printing services are aiming to help companies experiment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.