Microsoft on Tuesday launched its first patches for 2013. The release offered seven security
bulletins. Two are rated critical and five are rated important.
Andrew Storms, director of security operations for nCircle, said the XML bug should be at the top of everyone's "patch immediately" list. That, he said, is because this bug is going to be a popular target for attackers.
"If you can't do anything else right away, at least patch this one post haste," Storms told us. "This critical XML bug affects every version of Windows in one way or another because XML is used by a wide range of operating system components."
More Attacks Coming
Storms also pointed to an interesting bug in Microsoft's print spooler this month. Print spooler bugs played a role in the infamous Stuxnet malware, but Storms said this bug isn't anything like the vulnerability Stuxnet exploited.
"This bug requires a watering hole-style attack method, so it'll be pretty popular in attacker forums," Storms said. "This bug should also be patched pronto. Security researchers have confirmed that they can bypass the just released fix-it for the new IE zero-day bug. This news, combined with the fact that attack code for the basic exploit has already made its way into popular toolkits, is not good."
Storms predicted IT would continue to see an increase in attacks until Microsoft releases a patch for this flaw. He said it wouldn't surprise him to see an out-of-band patch in the next two weeks for this. As he sees it, this doesn't bode well for 2013, as Microsoft only released one out-of-band patch in all of 2012 and only one in 2011.
Tyler Reguly, technical manager of security research and development, reminded us that in many years past Microsoft has started the New Year off with a bang. The patch of the year in 2010 was OpenType Font Code Execution, and the SMB Remote Code Execution was first in 2009. And it was TCP/IP Remote Code Execution that made headlines in January 2008.
"The last couple of years have had relatively boring 001 patches, and this year is no different. MS13-001 is assigned to a vulnerability affecting the print spooler. The print spooler itself isn't directly involved; it's third-party products that query it," Reguly said.
"Cross-site scripting (XSS) is part of the inaugural Patch Tuesday of 2013. In the past, patching one XSS in a product for Microsoft has often led to other XSS flaws being discovered that year, so this may be the start of a 2013 trend. Instead of SharePoint XSS patches, this may be the year of SCOM XSS patches."
Boring, But Not Easy
This month may be average, but that doesn't mean it'll be an easy one for IT. There are a lot of restarts this month and they affect nearly all Windows operating systems. That's what Paul Henry, security and forensic analyst at Lumension, told us. He also found it interesting, but not surprising, that Microsoft was still working on a fix for the IE zero-day vulnerability.
"If you haven't already, install the FixIt workaround, especially if you're using an older version of IE. There have been reports that the FixIt can be bypassed," Henry said. "We always recommend that you work from the latest version of any software, as that will be the most secure. As this vulnerability only affects older versions of IE, upgrading may be the best way to avoid the vulnerability."
Henry also pointed out that Microsoft last Thursday revoked three certificates from a Turkish certificate authority, EKO, which had been issued to Google.com. Microsoft moved them to the untrusted store, following on the heels of what Google and Mozilla have already done.
"If you're running on anything below Windows 8, be sure to check for the updates to those certificates. If you're on Windows 8 or above, you should be safe because your certificates will automatically be updated. We always advise you to use automatic updates to be sure they are always protected by the most recent certificates," Henry said.
"There is also an Nvidia display driver issue being fixed by Nvidia right now. Unfortunately, Microsoft's Driver Logo Program, which vets all drivers before re-releasing them, may slow the release of this patch to Microsoft users. This issue does affect both Windows 8 and Windows RT."