News

Microsoft's 2012 Inaugural Security Patch To Include 7 Fixes

January's Security Update from Microsoft, arriving next Tuesday, will feature six fixes for Windows and one fix for Microsoft developer tools, according to the company's advance notice.

Only one security bulletin in the patch, a remote code execution fix for Windows, is expected to be labeled "critical." This lone critical item will apply to all supported Windows versions, except for the most recent client and server operating systems. It's not the only one to watch in this patch release, according to Wolfgang Kandek, chief technology officer at Qualys.

"Bulletin one is the single bulletin rated as 'critical' and should be considered the priority, however for users of Windows 7 and Windows 2008 R2 its severity is downgraded to 'important,'" Kandek explained in a blog post. "Bulletins three and five, while rated 'important' both involve Remote Code Execution, most likely through a specifically crafted input file to one of the Windows standard programs and should also be high on your list of bulletins to look at."

The second bulletin in the patch will be a Windows fix for a "security feature bypass" error, or SFB. It's a new vulnerability classification -- at least in terms of Microsoft's security bulletin release history.

"Eagle-eyed readers of the summary page will notice an unusual vulnerability classification, 'Security Feature Bypass,' for one of our Important-severity bulletins," explained Microsoft's Angela Gunn in a blog post. "SFB-class issues in themselves can't be leveraged by an attacker; rather, a would-be attacker would use them to facilitate use of another exploit."

More details about Microsoft's January patch will be available once it goes live on Tuesday, at around 10 p.m. Pacific Standard Time.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Old Stone Wall Graphic

    Microsoft Addressing 36 Vulnerabilities in December Security Patch Release

    Microsoft on Tuesday delivered its December bundle of security patches, which affect Windows, Internet Explorer, Office, Skype for Business, SQL Server and Visual Studio.

  • Microsoft Nudging Out Classic SharePoint Blogs

    So-called "classic" blogs used by SharePoint Online subscribers are on their way toward "retirement," according to Dec. 4 Microsoft Message Center post.

  • Datacenters in Space: OrbitsEdge Partners with HPE

    A Florida-based startup is partnering with Hewlett Packard Enterprise in a deal that gives new meaning to the "edge" in edge computing.

  • Windows 10 Hyper-V vs. Windows Server Hyper-V: Which Platform for Which Workloads?

    The differences between these two Hyper-V versions are pretty significant, depending on what you plan to use them for. Here's a quick rundown of each platform, from their features to licensing quirks to intended use cases.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.