Microsoft Patch Tuesday Preview, July 2013

July 4, 2013

In keeping with its usual schedule, despite the Independence Day holiday here, Microsoft today released the Security Bulletin Advance Notification for July 2013, previewing the security bulletins and associated patches it intends to release next Tuesday, July 9, 2013.  This month there are seven bulletins in all; six of these have a maximum security rating of Critical; the other is rated Important.  Five of the bulletins affect Windows and its components; a sixth affects Windows as well as some other software (Office, Lync, Silverlight).

All supported versions of Windows have several Critical bulletins.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version Critical Important Moderate
Windows XP+SP3 6
Windows Vista 6
Windows Server 2003 5 1
Windows Server 2008 5 1
Windows 7 6
Windows Server 2008 R2 5 1
Windows 8 6
Windows RT 5
Windows Server 2012 5 1
Windows Server Core 3

In addition, one of the bulletins affects Microsoft’s Silverlight, and is rated Critical.  Another affects Lync, for which it is rated Critical, as well as Office and Visual Studio, for which it is rated Important.

The remaining bulletin, which is rated Important, applies to Windows Defender.

Microsoft says that two of the Windows bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  I will post a note here once the actual updates are available.


Microsoft Patch Tuesday, June 2013

June 11, 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are five bulletins, addressing 22 identified vulnerabilities.  Four of the bulletins are for Windows and its components (including Internet Explorer); one of these is rated Critical, and the others Important.  All supported desktop versions of Windows are affected by the Critical bulletin. (This month’s preview post has a breakdown of patches by severity and Windows version.)

The remaining bulletin, rated Important, applies to Microsoft Office, specifically Office 2003 and Office for Mac.

Microsoft says that the Windows bulletins will definitely require a system reboot; the Office bulletin may require one, depending on the configuration of your system.

For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for June 2013.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

Update Tuesday, 11 June, 13:30 EDT

The Internet Storm Center at the SANS Institute has posted its usual monthly summary of Microsoft’s bulletins.


Microsoft Patch Tuesday Preview, June 2013

June 9, 2013

In keeping with its usual schedule, Microsoft on Thursday released the Security Bulletin Advance Notification for June 2013, previewing the security bulletins and associated patches it intends to release next Tuesday, June 11, 2013.  This month there are five bulletins in all; one of these has a maximum security rating of Critical; the rest are rated Important.  Four of the bulletins are for Windows and its components.  All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version Critical Important Moderate
Windows XP+SP3 1 1
Windows Vista 1 2 1
Windows Server 2003 1 1
Windows Server 2008 2 2
Windows 7 1 2 1
Windows Server 2008 R2 1 2
Windows 8 1 3
Windows RT 1 2
Windows Server 2012 2 1
Windows Server Core 3

The remaining bulletin, which is rated Important, applies to Microsoft Office, including Office for Mac.

Microsoft says that all four of the Windows bulletins will definitely require a restart, and the other bulletin may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  I will post a note here once the actual updates are available.


Microsoft Patch Tuesday, May 2013

May 14, 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are ten bulletins, addressing 32 identified vulnerabilities.    Two bulletins have a Critical severity rating, and the remaining eight are rated Important.   Five of the bulletins are for Windows and its components; every supported version of Windows is affected, and all desktop versions have one or more Critical vulnerabilities.

The remaining five bulletins, all of which are rated Important, apply to other Microsoft software products.   There are three bulletins for Microsoft Office and its components (including Word Viewer).  Microsoft Lync has one bulletin, and there is one for Windows Essentials.

Microsoft says that three of the Windows bulletins will definitely require a system reboot, and the others may require one, depending on the configuration of your system.

For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for May 2013.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.

Update Tuesday, May 14, 14:40 EDT

According to the folks at the SANS Internet Storm Center, one of these bulletins, MS13-038, which applies to Internet Explorer 8, fixes a vulnerability that is being exploited currently.


Microsoft Patch Tuesday Preview, May 2013

May 12, 2013

In keeping with its usual schedule, Microsoft on Thursday released the Security Bulletin Advance Notification for May 2013, previewing the security bulletins and associated patches it intends to release next Tuesday, May 14, 2013.  This month there are ten bulletins in all; two of these have a maximum security rating of Critical; the rest are rated Important.  Five of the bulletins, including both the Critical ones, are for Windows and its components.  All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version Critical Important Moderate
Windows XP+SP3 2 2
Windows Vista 2 2
Windows Server 2003 1 2
Windows Server 2008 1 2
Windows 7 2 2
Windows Server 2008 R2 2 2
Windows 8 1 3
Windows RT 1 2 1
Windows Server 2012 3 1
Windows Server Core 3

Microsoft says that four of the Windows bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

The remaining five bulletins, all of which are rated Important, apply to other Microsoft software products.   There will be three bulletins that apply to Microsoft Office, one for Lync, and one for Windows Essentials.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.


Microsoft, Verizon Release Security Reports

April 23, 2013

Two new reports have just been released dealing with the state of Internet security; one is from Microsoft, and the other from Verizon.  If you are interested in security, I recommend both reports as interesting, if sometimes rather depressing, reading.

Since 2008, Verizon’s RISK Team has published an annual report summarizing security and data breach incidents, and categorizing them on various criteria (e.g., who did it?  how was it done?).  The 2013 Data Breach Investigations Report [PDF] analyzes data from more than 47,000 security incidents, and 621 confirmed data breaches.  This year, the report attempts to assess the prevalence and origins of “espionage” attacks: those whose primary motivation was not mischief, or financial gain, but theft of trade secrets and other intellectual property.  There is also an Executive Summary [PDF] available.

Microsoft’s Security Intelligence Report (Vol. 14) [PDF], which covers the period July through December, 2012, is (as you might expect) more focused on software security issues.  The report looks at the software security vulnerabilities that have been disclosed, and the exploits that have been detected, and attempts to identify particular problem areas and trends.  As has been true for some time, the most common type of exploit is one involving HTML and JavaScript; document-based and Java-based exploits, two other hardy perennials, showed a significant increase in the second half of 2012.   There is also a Key Findings [PDF] summary of this report.

I have not had a chance to read these reports yet, but will post further comments here when I have.   An essential part of any sensible security analysis is an evaluation of the threats one is guarding against.  These reports should provide some information useful in that exercise.

