Salted Hash — IT security news

By Bill Brenner

About this Blog:

IT security news analysis, over easy!

Patch Tuesday preview, February 2012

Posted February 09, 2012 to Network Security |

Microsoft published its Patch Tuesday preview for February of 2012. IT admins can expect nine bulletins to address 21 security vulnerabilities. It looks like four bulletins will be rated critical while the rest are designated as important. Affected Microsoft products are:

--Windows

--Internet Explorer

--.NET Framework

--Silverlight

--Office

--Server Software

Wolfgang Kandek, CTO of Qualys, offered me his assessment in an email:

"As expected we are getting a larger batch of nine bulletins addressing a total of 21 vulnerabilities. Four bulletins are classified as "critical" and the remaining as "important". There is the expected critical update to Internet Explorer which should be highest priority. After all, we saw last month how quickly attackers are incorporating browser based attacks into their toolkits; an exploit for MS12-004 was detected a mere 15 days after Patch Tuesday.

"There are also two critical fixes for WIndows itself, plus one for the .NET framework that should be prioritized. In the "important" category, there are three Remote Code Execution vulnerabilities, one of them in Office. Most likely we are looking at file based attacks and at least the Office vulnerability should be included in your first tier of patching."

And now you know...

Previous Post: M86 report proves water is wet Next Post: Your RSA, BSidesSF survival guide for 2012

View the discussion thread.

WEBCAST

Transition Confidently to the Cloud

Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.