Security Advisor

Welcome to Patch Tuesday, Windows 8

Who says you need a product to be released before it can join the patching fun? Microsoft's April security update features a "critical" update for Microsoft's .NET Framework running on all versions of Windows -- including the test versions of Windows 8.

Those running either the Consumer Preview or the Developer Preview (released in October of last year) will want to apply bulletin MS12-024 because, even though Windows 8 isn't ready, hackers won't wait around for the release candidate to target Windows' upcoming OS -- if there's a hole, attackers will exploit it.

The hole in question here is of the remote code execution variety, something April's security update is not lacking of. Five of the six bulletins released this month deal with this nasty intrusion

While it may be a bit strange to already be seeing Windows 8 as a receiver of security updates, it's not the star of the show this month. That honor goes towards a cumulative security update for Internet Explorer that plugs five privately reported vulnerabilities. The worst of these can lead to, you guessed it, a remote code execution.

What makes this update so important is that while a hacker may have to jump through a few holes to pull off a RCE attack in, say, Excel or Office, it's a bit easier to do in a Web browser -- all they have to do is to trick you into clicking on a link that you shouldn't be clicking on.

For those who slept through all of this month's Patch Tuesday festivities, get caught up here.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

    This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

  • Windows 10 Version 1809 Users May Get Visual Studio Crashes

    Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.

  • Standardizing the Look of Outlook's Outbound Messages

    Microsoft typically gives users a blank canvas to compose new e-mails in Outlook. In some corporate environments, however, a blank canvas isn't a good thing.

  • Windows 10 'Semiannual Channel Targeted' Goes Away This Spring

    Microsoft plans to slightly alter its Windows servicing lingo and management behavior with its next Windows 10 operating system feature update release, coming this spring.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.