Microsoft Kicks Off Spring with Nine Security Bulletins

The advance notification results are in, and it’s looking good for Patch Day.

Next Tuesday, Microsoft will release nine security bulletins, two of which the Redmond-based software company rates as Critical. The bulletins will fix flaws in Windows, Internet Explorer (IE), Office, and some of Microsoft’s server and security software. As usual, Microsoft hasn’t shared many details yet, but some experts expect the critical IE update to fix the zero-day vulnerabilities disclosed at CanSecWest’s recent Pwn2Own contest. Either way, I expect the IE flaws to pose the greatest risk to most users, so you should plan on applying that patch as quickly as possible.

While nine bulletins may sound like a lot, it’s pretty average for Patch Day lately. Nonetheless, you should prepare your IT staff for a busy day of testing and patching next Tuesday. We’ll know more about these bulletins next week, and will publish alerts about them here. — Corey Nachreiner, CISSP (@SecAdept)


About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

7 Responses to “Microsoft Kicks Off Spring with Nine Security Bulletins”

  1. Join the opinion about “too little information”. Although, experts criticized Microsoft about “too little information about updates to its Modern apps” – I’ll reformulate it as “too little information about updates in Security Bulletin Advance Notification for April 2013”. What is the reason to hide descriptive information and work-around recommendations from IT-specialists? Suppose hackers will use descriptive info? Hardly, because:
    1. Microsoft has never published TOO DESCRIPTIVE technical information about product vulnerabilities and has never published underlying mechanisms. Their description is never enough to understand the mechanism and build an exploit.
    2. As a new vulnerability comes – discussion of its content, trial scripts, initial exploits etc. – all these activities are taking place on the underground hacking forums. I seriously doubt that members of such forums are using information from Microsoft security pages and blogs 🙂

    So, once again – what is the reason to hide descriptive information and (especially) work-around recommendations from IT-specialists when publishing Security Bulletin Advance Notification?

    • Microsoft will release more detail on Tuesday. As vendors go, I think MS is doing better as far as security. They do share significant detail on the issues (on patch day itself). They only withhold info to patch day in order to protect the customers till the patch is available. They also have a project called MAPP (Microsoft Active Protections Program), where they share tons of technical detail, including exploits, with security partners before the patch is released. They do this to provide the partners with info needed to create signatures and other protections. WatchGuard’s security partners (like Broadweb, our IPS partner) are part of MAPP, which is why we often have signatures for the stuff released during Patch Day.

