RSS

Discover news, guides, and products for your business

Follow us on:
Security Alert
Security Alert
Practical security advice » More Security Alert » RSS » All Blogs
  • Recommend:
  • 0 Comments
  • Print
Security

Merry Christmas! Microsoft Plans Massive Patch Tuesday to Close 2011

By Tony Bradley, PCWorld

Microsoft is playing Scrooge this year for any IT admins who were hoping to relax and ride out the rest of the year. There are 14 security bulletins planned for next week’s Patch Tuesday—one that happens to fall unusually late in the month thanks to December starting on a Thursday, and leaves IT admins with little time to patch before the holidays.

The good news, if you can call it good news, is that only three of the 14 security bulletins are rated as Critical. The bad news is that all of the remaining 11 are still rated as Important, and some of the vulnerabilities addressed in the Important security bulletins could be very attractive to would-be attackers.

Security warningIT admins who were hoping December would be laid back are in for a shock next week.The 14 security bulletins are comprised of seven impacting Windows, five related to Microsoft Office, one dealing with Windows Media Player, and the consistent monthly update for Internet Explorer. As per usual, the flaws identified tend to impact legacy software like Windows XP and Internet Explorer 6 more than current products.

Another spark of good news is that it appears that Microsoft will issue a patch for the vulnerability exploited by the Duqu worm. While the information in the security bulletin advance notification from Microsoft is intentionally vague, Rapid7 security researcher Marcus Carey points out that Bulletin 1 seems to address the same flaw being exploited, and that it requires a reboot--indicating that it is likely a kernel level patch.

Microsoft isn’t the only one closing 2011 with a bang, though. Qualys CTO Wolfgang Kandek notes in a blog post that Adobe plans to issue an out-of-band patch for Adobe Reader and Acrobat 9 to address a zero day flaw that is currently being exploited in the wild.

Paul Henry, a security and forensic analyst with Lumension, adds Java to the list of emerging attack targets. Henry points out that third-party tools like Adobe Reader and Java don’t usually get the same level of attention, and make easier targets in many cases.

Throw a Yule log on the fire, make yourself a pot of coffee, and get ready to roll next Tuesday. You’ll have a lot of work to do to get everything patched and protected so you can enjoy a peaceful holiday break, and come back ready to take on 2012.

Was this article useful? Yes 0 No 0

Read more like this: , ,

Tony Bradley

You can follow Tony on his Facebook page, his Google+ profile, or contact him by email at tony_bradley@pcworld.com. He also tweets as @TheTonyBradley.

Comments

  • Speed Up Everything!

    PCWorld shows you the secrets to improve performance on all your hardware.

    Get the Superguide now!

Business News Daily

Get the latest technology news that's important to you and your business, fresh seven days a week.

Featured Webcasts
More webcasts »

Free Whitepapers

Software and Services Whitepapers from PCWorld

More whitepapers »

Whitepaper Alerts

Get updates on white papers, case studies, and spotlights on tech products and solutions for your business.