1234 Your street name, CA 30000

  1-234-567-1234

  email@yoursite.com

Free Microsoft Exams Videos and Training

Get Started

Microsoft’s final security push is missing the kitchen sink

Posted by

admin

Considering all that’s being patched this month, it seems as if Redmond forgot to include the kitchen sink…

Tripwire’s Tyler Reguly says that considering all that’s being patched this month, it seems as if Redmond forgot to include the kitchen sink. Next week, Microsoft ends 2013 with 11 bulletins, offering a slightly slower end-of-year patch cycle, but there’s still plenty to keep IT teams busy.

For the final Patch Tuesday of 2013, Microsoft will release five critical and six important bulletins, addressing flaws in every supported version of Windows, as well as all supported versions of Internet Explorer. Office is in the mix, as well as Exchange, SharePoint, and various developer tools.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

“With 11 bulletins this month, Microsoft will easily break 100 patches in 2013, beating last years’ numbers and even exceeding 2011’s December 29th release of MS11-100. System administrators everywhere must have made Microsoft’s naughty list because this holiday ‘gift’ is clearly a lump of coal,” said Taylor Reguly, Tripwire’s technical manager of security research.

“Microsoft is wrapping up the 2013 patch season with anything that was laying around. We’re seeing patches for ASP.NET SignalR, Office, Exchange 2013, SharePoint 2013, and Lync 2013, as well as every version of Windows and Internet Explorer. Someone should tell Microsoft they forgot to include the kitchen sink.”

Given that it is flagged as an elevation of privilege issue, there’s speculation that Bulletin 8 might be a fix for the Windows XP Zero-Day that’s circulating around online. But as usual Microsoft doesn’t disclose the exact nature of a pending security fix until the day it drops, so we’ll have to wait and see.

However, this month’s patches will fix the GDI+ vulnerability disclosed last month, which is actively being targeted. The flaw, addressed in MSA 2896666 is rather evil (see what I did there?), as it impacts Windows, Office, and Lync. The targeted attacks are focused on Windows XP and Office 2007

Click to rate this post!
[Total: 0 Average: 0]
, , ,

admin

Categories

Recent Posts

Tags

70-642 Android Cisco CCIE Exams Cisco CCIE Training Cisco CCNA Certification Cisco CCNA Training Comptia A+ Certification comptia a+ Training Facebook google MCITP mcitp certification mcitp exams mcitp training MCITP Training Best Microsoft MCTS Certification MCITP Trainnig Best Microsoft MCTS Certification MCSA mcsa audio training mcsa certification mcsa exams mcsa online study guides MCSA online Training MCSA test preparation mcsa training MCSE MCTS mcts cerfication MCTS Certification mcts exams MCTS Exams Training mcts training Microsoft Microsoft MCITP Training Microsoft MCITP Training at certkingdom.com Microsoft MCTS Certification Oracle Cloud Solutions SAP certification community forums SAP Certified Application Associate SAP Cloud certification SAP Cloud learning paths and resources Study guides for SAP Certified Associate Exams Twitter Windows Windows 8 Windows 10