
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Microsoft Kicks Off Spring with Nine Security Bulletins

April 4, 2013 By Corey Nachreiner

The advanced notification results are in, and it’s looking good for Patch Day.

Next Tuesday, Microsoft will release nine security bulletins, two of which the Redmond-based software company rates as Critical. The bulletins will fix flaws in Windows, Internet Explorer (IE), Office, and some of Microsoft’s server and security software. As usual, they haven’t shared many details yet, but some experts expect the critical IE update to fix the zero-day vulnerabilities disclosed at CanSecWest’s recent Pwn2Own contest. Either way, I expect the IE flaws to pose the greatest risk to most users, so you should plan on applying that patch as quickly as possible.

While nine bulletins may sound like a lot, it’s pretty average for Patch Day lately. Nonetheless, you should prepare your IT staff for a busy day of testing and patching next Tuesday. We’ll know more about these bulletins next week, and will publish alerts about them here. — Corey Nachreiner, CISSP (@SecAdept)


Filed Under: Uncategorized Tagged With: Internet Explorer, Microsoft, pwn2own, Updates and patches

Comments

  1. Alexander Kushnarev (Rainbow Security) says

    April 5, 2013 at 10:17 pm

    Join the opinion about “too little information”. Although experts criticized Microsoft about “too little information about updates to its Modern apps”, I’ll reformulate it as “too little information about updates in Security Bulletin Advance Notification for April 2013”. What is the reason to hide descriptive information and work-around recommendations from IT-specialists? Suppose hackers will use descriptive info? Hardly, because:
    1. Microsoft has never published TOO DESCRIPTIVE technical information about product vulnerabilities and has never published underlying mechanisms. Their description is never enough to understand the mechanism and build an exploit.
    2. As a new vulnerability comes – discussion of its content, trial scripts, initial exploits etc. – all these activities are taking place on the underground hacking forums. I seriously doubt that members of such forums are using information from Microsoft security pages and blogs 🙂

    So, once again – what is the reason to hide descriptive information and (especially) work-around recommendations from IT-specialists, when publishing Security Bulletin Advance Notification?

    • Corey Nachreiner says

      April 8, 2013 at 11:38 am

      Microsoft will release more detail on Tuesday. As vendors go, I think MS is doing better as far as security. They do share significant detail on the issues (on Patch Day itself). They only withhold info until Patch Day in order to protect the customers till the patch is available. They also have a project called MAPP (Microsoft Active Protections Program), where they share tons of technical detail, including exploits, with security partners before the patch is released. They do this to provide the partners with info needed to create signatures and other protections. WatchGuard’s security partners (like Broadweb, our IPS partner) are part of MAPP, which is why we often have signatures for the stuff released during Patch Day.
