
Patch Tuesday affects broad range of Microsoft products

Rapid7 : 10 July, 2013  (Technical Article)
Rapid7 analyses the latest patch release from Microsoft, which seems likely to result in considerable work for IT administrators

Microsoft releases its latest patch update, which addresses a number of critical issues relating to remote code execution. Rapid7's senior manager of security engineering, Ross Barrett, explains:

“This month’s Patch Tuesday is the polar opposite of last month’s ho-hum, here-we-go-again-with-the-patches exercise. There are seven advisories, six of which are critical issues allowing remote code execution. Basically everything in the core Microsoft world is affected by one or more of these; every supported OS, every version of MS Office, Lync, Silverlight, Visual Studio and .NET. It’s going to be a busy time for security teams everywhere.
 
For the first time ever Microsoft is addressing a single CVE (CVE-2013-3129) in three different advisories (MS13-052, MS13-053, and MS13-054). This issue relates to TrueType Font processing and legitimately affects different components. By splitting this out, Microsoft is directly addressing a complaint about previous "rolled up" advisories where it was difficult to properly prioritize the multiple patches required to remediate the problem, and component patches were frequently missed.
 
The top two patching priorities are the kernel issue (MS13-053) and the Internet Explorer patch bundle (MS13-055). These are both priority one, according to Microsoft, with MS13-052, MS13-054, MS13-056, and MS13-057 all coming in at priority two. Remember that patching priority and a “critical” rating from Microsoft factor in exploitability and if the vulnerability has been responsibly disclosed. Some of the vulnerabilities patched in MS13-052 and MS13-053 are known to be under active exploitation in the wild but exploitation is considered unlikely, whereas some of the responsibly disclosed issues in Internet Explorer are considered likely for exploitation now that the patch is out.
 
Going into today, three of the bulletins roughly matched the profile of the issue Google’s Tavis Ormandy disclosed back in May (CVE-2013-3660), which led to speculation that it might be fixed in this month's patching cycle, and despite reports to the contrary, it is included in MS13-053.
 
Microsoft also announced a policy change related to the Microsoft marketplace. Going forward, any "app" that is affected by a security issue will be removed from the store if it is not patched within 180 days of the issue being confirmed.”

   © 2012 ProSecurityZone.com