It’s the second Tuesday in July, and you know what that means: it’s Microsoft Patch Tuesday. Today, Microsoft released nine new security bulletins as predicted in the advance notice last week. Some updates are more urgent than others, though, so we turn to security experts for insight and analysis to help guide your patching efforts.
Of the nine security bulletins, three are rated as Critical while the remaining six are ranked as merely Important. Of course, Important still suggests a sense of urgency that shouldn’t be ignored.
Qualys CTO Wolfgang Kandek states in a blog post, “Of the three bulletins rated critical, the top priority goes to MS12-043 that addresses the MSXML vulnerability, which has been under attack for the last 30 days.”
Andrew Storms, director of security operations for nCircle, agrees. Storms notes that the XML flaw is already included in a variety of exploit toolkits, and attacks are circulating in the wild. Storms adds, “If you are paying close attention, you’ll notice that the XML version 5 patch for the bug isn’t shipping today. The fix for this version is probably not ready yet, so Microsoft decided to deliver the other patches. So far, all the attacks in the wild utilize XML version 3, so this release, even though not totally complete, seems like a no-brainer.”
Marc Maiffret, co-founder of eEye Digital Security and now CTO at BeyondTrust, points out, “Internet Explorer 9 is not only the “faster browser” this month but the fastest way to get you owned. MS12-044 specifically covers a critical vulnerability that affects only Internet Explorer 9.”
Maiffret finds it interesting that both MS12-043 and MS12-044 (the patches for XML and IE9) also affect the Windows 8 Release Preview. He stresses that we don’t really know if an exploit would be as straightforward on the new OS given new and improved security controls, but notes the fact that two out of nine security bulletins also affect the upcoming flagship OS may be a harbinger of things to come.
“Of the Important bulletins, MS12-046 and MS12-048 should be next on everyone’s “Must Patch” list,” according to Marcus Carey, a security researcher with Rapid7. Carey adds, “MS12-046 and MS12-048 can both exploit victims who navigate to malicious WebDAV or SMB shares and opens malicious files in the malicious directory. These two bulletins are primed for spear phishing attacks.”
As with every Patch Tuesday, the prioritization of updates, and the degree of urgency with which the patches are implemented will vary from one organization to the next. Examine the Microsoft security bulletins, and install the updates that affect your systems as soon as possible.