Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

Microsoft to release seven advisories on Tuesday

Posted on 04 January 2013.

The first Microsoft Patch Tuesday of 2013 includes 7 advisories (MS13-001 – MS13-007), two of which are listed as critical because they can be executed remotely.

One of these is bulletin 1, which affects Microsoft Server platforms. This is where I would prioritize patching efforts because this is potentially a worm-able bug and since Server Core is affected it could apply to a very common service.

Based on the affected systems, Server 2012 and 2008 SP2 are not affected, but Server 2008 release and SP1 are affected, so this is likely something Microsoft has known about for a while and quietly fixed.

The other critical is bulletin 2, which impacts a dog’s breakfast of Microsoft operating systems and applications (including Windows 8, RT, and Server 2012); this is likely another broad reaching library bug (a la GDI).

One thing to watch out for in this type of vulnerability is applying all the patches that apply to a system, e.g. it affects, Groove, Office, SharePoint, the OS, and other components. Administrators will have to patch for each affected component.

The other advisories are three privilege elevations, a security bypass and a DoS affecting Windows and .NET.