Microsoft to release seven advisories on Tuesday
Posted on 04 January 2013.
The first Microsoft Patch Tuesday of 2013 includes 7 advisories (MS13-001 MS13-007), two of which are listed as critical because they can be executed remotely.


One of these is bulletin 1, which affects Microsoft Server platforms. This is where I would prioritize patching efforts because this is potentially a worm-able bug and since Server Core is affected it could apply to a very common service.

Based on the affected systems, Server 2012 and 2008 SP2 are not affected, but Server 2008 release and SP1 are affected, so this is likely something Microsoft has known about for a while and quietly fixed.

The other critical is bulletin 2, which impacts a dogs breakfast of Microsoft operating systems and applications (including Windows 8, RT, and Server 2012); this is likely another broad reaching library bug (a la GDI).

One thing to watch out for in this type of vulnerability is applying all the patches that apply to a system, e.g. it affects, Groove, Office, SharePoint, the OS, and other components. Administrators will have to patch for each affected component.

The other advisories are three privilege elevations, a security bypass and a DoS affecting Windows and .NET.



Author: Ross Barrett, Senior Manager, Security Engineering, at Rapid7.





Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals its our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //