• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Microsoft Black Tuesday: Updates Correct .NET and MSXML Flaws

January 8, 2013 By Corey Nachreiner

Are you ready for the first Patch Day of 2013? If you run a Microsoft shop (Mac users need not apply this month), get ready as you’ll want to install some of today’s updates as soon as you can.

As promised, Microsoft released seven security bulletins and software updates today, two of which they rate as Critical. The seven updates fix 12 vulnerabilities in products like Windows, XML Core Services, the .NET Framework, and their System Center Operation Manager. The impact of these vulnerabilities ranges widely from allowing a remote user to execute arbitrary code, to basic Denial of Service (DoS) issues. If you manage any of the affected products, I recommend you apply the updates quickly—particularly the Critical ones.

As I mentioned in last week’s notification, Microsoft is not releasing a fix for the recent Internet Explorer (IE) zero day vulnerability today. They simply haven’t had time to fully craft the patch since the exploit’s first discovery. However, Microsoft has released a FixIt, which partially mitigates the issue. While I recommend you apply the FixIt, do know a security research organization has found it doesn’t prevent all forms of this particular attack. So you’ll still want to jump on Microsoft’s real patch once they release it. In the meantime, if you use one of WatchGuard’s XTM appliances with the IPS service, we have a signature that protects you from the known exploits for this IE zero day flaw.

I’ll post more detailed alerts throughout the day, but until then feel free to refer to Microsoft’s January bulletin matrix below (click the image for more detail).  — Corey Nachreiner, CISSP (@SecAdept)

MS Patch Day: January 2013

Share This:

Related

Filed Under: Uncategorized Tagged With: DoS, Microsoft, System Center Operation Manager, Updates and patches, Windows 8, Windows RT, XML Core Services

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • The Qakbot Takedown
  • iPhone’s Latest 0-Day
  • Meta’ One Good Deed

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Meta’ One Good Deed
  • iPhone’s Latest 0-Day
  • The Qakbot Takedown
  • Weaponizing WinRAR
  • U.S. Cyber Trust Mark
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use