Microsoft and Adobe plan busy January patch days

IT departments will have a busy month of patching to kick off 2012.

Patch Tuesday

Both Microsoft and Adobe have welcomed the new year by announcing some notable patching days for IT departments to be aware of.

Microsoft usually keeps Patch Tuesdays quiet in January, but has issued seven security bulletins for eight vulnerabilities.

One of those is a critical remote code execution vulnerability in Media Player, although for users of Windows 7 and Windows 2008 R2 its severity is downgraded to 'important.'

The remaining bulletins are ranked as important. One of those covers the BEAST SSL flaw highlighted by researchers last year.

Next Tuesday it will be interesting to see, which exact Windows features are involved and how this vulnerability can be used by attackers.

Researchers found a way to exploit a long-known flaw in TLS (Transport Layer Security) that could have undermined the security credentials of the SSL cryptographic protocol and affected millions of sites. However, little emerged from the discovery.

"Bulletins three and five, while rated 'important' both involve Remote Code Execution, most likely through a specifically crafted input file to one of the Windows standard programs and should also be high on your list of bulletins to look at," recommended Wolfgang Kandek, CTO of Qualys.

"Bulletin two stands out as it is tagged as 'Security Feature Bypass,' which is a new category. Next Tuesday it will be interesting to see which exact Windows features are involved and how this vulnerability can be used by attackers."

Adobe will join Microsoft in issuing updates tomorrow (10 January). It will address critical flaws in Reader and Acrobat.

"These updates will include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows," Adobe said in its advisory.

Oracle is also due to issue its quarterly security update on 17 January, making it a busy month of patching for IT managers.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

New DNS vulnerabilities put millions of IoT devices at risk of hacking
Internet of Things (IoT)

New DNS vulnerabilities put millions of IoT devices at risk of hacking

13 Apr 2021
Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?
cloud security

Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?

13 Apr 2021
5G will accelerate cyber crime, predicts former White House CIO
5G

5G will accelerate cyber crime, predicts former White House CIO

13 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021