Related Stories

Top 5 Stories


Death, taxes, and Microsoft's Patch Tuesday

09 April 2012

IT administrators in the US better have their taxes done already because Microsoft is sending plenty of work on Tuesday with six security bulletins, four of which are rated critical and could lead to remote exploitation by hackers.

The four critical bulletins affect Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server and software, as well as Microsoft developer tools. The two important bulletins affect Microsoft Office and Forefront access gateway. A total of 11 vulnerabilities are being plugged, according to the Microsoft advisory.

“Bulletin #4 has the potential to cause IT security teams some serious headaches because it covers Office, SQL Server, Biztalk, Commerce Server, Visual FoxPro and Visual Basic. Anytime a bulletin covers such a wide range of products, IT security teams have to pause and think hard about deployment. It also requires some rigorous patch testing”, obseved Andrew Storms, director of security operations at nCircle.

Wolfgang Kandek, chief technology officer with Qualys, agreed that Bulletin 4 will be “challenging” because it addresses a variety of applications. However, he stressed that Bulletin 1 should have the “highest priority” because it is a critical vulnerability “affecting all versions of Internet Exploer (6,7, 8,9) on respective platforms XP, 2003, Win7 and 2008 both 32 and 64 bit. Bulletin 2 is the second most critical and updates the Windows operating system, again encompassing all versions, both 64- and 32-bit.”

Paul Henry, security and forensic analyst for Lumension, said he was concerned about the critical issues that “seem to impact Windows from the older legacy XP platform that we have come to expect from current Windows 7 and Windows 2008 platforms, which is surprising because they have had the benefit of Microsoft’s secure coding initiatives.”

This article is featured in:
Application Security  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×