Microsoft and Oracle mark Valentines with patching spree


Four of the Microsoft updates are critical


The Valentine's Day 2012 edition of Patch Tuesday is upon us, and Microsoft has come forward with details on the nine bulletins it previewed last week.

The news comes as Oracle patched 14 Java vulnerabilities.

Although Lumension security and forensic analyst Paul Henry called it a "pretty sweet Valentine's Day", given the relatively light patch load total for the month, additional patches from Adobe may spoil the mood for others.

As previously noted, four of Microsoft's nine security bulletins are deemed "critical." The most important, Henry said, are the two bulletins that have been publicly disclosed. One addresses a remote code execution vulnerability in Windows, while the other addresses a similar vulnerability in Silverlight and the .NET Framework.

Beyond that, Henry believes the two patches deemed "important" should receive higher priority because they have also been publicly disclosed. Both address remote code execution vulnerabilities in Windows, one through the Colour Control Panel and the other through Indeo Codec.

However, given the recent spike in browser-based attacks, Qualys CTO Wolfgang Kandek says the patch for four privately discovered vulnerabilities in Internet Explorer -- MS12-010 -- should receive the most attention.

"We have seen how quickly attackers can react to new vulnerabilities when exploits for MS12-004 appeared within 2 weeks of its release on attack sites," Kandek said. "So while none of the vulnerabilities in MS12-010 were publicly known, you should install this fix as quickly as possible."

Although it surpasses the seven bulletins released last month, today's total of nine patches is a low for the month of February since 2009. That's a sign that a focus on security may be paying off for Redmond, Henry said.

However, a happy Valentine's Day for Microsoft doesn't necessarily mean the same for the IT department. Citing Oracle's concurrent release of patches for 14 Java vulnerabilities, which have been targeted particularly frequently of late, Henry says some support teams may have their hands full.

"The light patch load from Microsoft does not mean IT can sit back and relax however," Henry says. "A significant patch update from Oracle came out recently and, as always, threats targeting Java must be addressed, as currently it is the bad guys' most popular attack vector."

Adobe also released five security bulletins today. Four of the patches, specifically those addressing vulnerabilities in Shockwave Player, Flash Media Player Server, Flash Player and Photoshop, were deemed critical, while another targeting vulnerabilities in RoboHelp was rated important.

