Jason Miller

Marking the May 2012 edition of Patch Tuesday, Microsoft has released seven new security bulletins addressing 23 vulnerabilities.

The first bulletin administrators should address immediately is the mammoth security bulletin MS12-034.  The sheer size of this security bulletin will undoubtedly affect the majority of your network when patching this month.

This bulletin covers:
72 Microsoft operating systems / service pack combinations
31 Microsoft .NET installation versions and types
9 Microsoft Office installation versions and types
6 Microsoft Silverlight installation versions and types

This is by far one of the largest security bulletins Microsoft has ever released.  This bulletin will address seven vulnerabilities with …

Microsoft has released their Advanced Notification for the May 2012 edition of Patch Tuesday.  Microsoft is planning to release seven bulletins addressing 23 vulnerabilities.  In addition, they will be releasing a Security Advisory to update ActiveX killbits.  Last year, Microsoft moved the ActiveX killbit updates from a Security Bulletin to a Security Advisory.  So, you should be aware that there will be eight bulletins that need your attention next Tuesday.

Security Bulletin Breakdown:

4 bulletins are rated as Critical
3 bulletins are rated as Important
5 bulletins addressing vulnerabilities that could lead to Remote Code Execution
2 bulletins addressing vulnerabilities that could lead to Elevation …

Microsoft has released six bulletins addressing 11 vulnerabilities in the April 2012 version of Patch Tuesday.

Marking the fourth Patch Tuesday of the year, Microsoft and non-Microsoft vendors are making this quite an interesting month with critical security bulletins and new products to consider in your monthly Patch Tuesday.

There are many products that are affected by the new security bulletins. This means you will be seeing quite a few patches missing on a single machine.  For example, MS12-027 affects 29 different products and service pack levels.  For those administrators responsible for reporting their patch compliance, this can …

Microsoft has released their Advance Notification for the upcoming April Patch Tuesday.  With the six bulletins announced, Microsoft is planning to address 11 vulnerabilities.  This marks Microsoft’s heavy patch month and we are seeing this with the sheer number of affected products this month.  We are also looking at a heavy server patching month to go along with all workstations being affected.

 Security Bulletin Breakdown:

4 bulletins are rated as Critical
2 bulletins are rated as Important
5 bulletins addressing vulnerabilities that could lead to Remote Code Execution
1 bulletin addressing a vulnerability that could lead to Elevation of Privilege

 Affected Products:

All supported Microsoft …

Microsoft has released six bulletins for the March 2012 Patch Tuesday.  With this release, Microsoft is addressing seven vulnerabilities.

The primary bulletin administrators should look to address first is MS12-020.  This bulletin addresses two privately reported vulnerabilities to Microsoft affecting the Remote Desktop Protocol on all supported versions of the Microsoft operating system.

If an attacker sends a specially crafted packet to a machine with RDP enabled, the attack could result in Remote Code Execution on the target machine.  Although Microsoft is stating that most machines do not have RDP enabled by default, I know of many organizations …

Microsoft has released their advanced notification for the March 2012 edition of Patch Tuesday.  Microsoft is planning to release six bulletins addressing seven vulnerabilities.

 Security Bulletin Breakdown:

1 bulletin is rated as Critical
4 bulletins are rated as Important
1 bulletin is rated as Moderate
2 vulnerabilities could lead to Remote Code Execution
2 vulnerabilities could lead to Elevation of Privilege
2 vulnerabilities could lead to Denial of Service

 Affected Products:

All supported Microsoft Operating Systems
Microsoft Visual Studio 2008, 2010
Microsoft Expression Design 1, 2, 3, 4

I will be talking about the March Patch Tuesday as well as any other non-Microsoft patches that have been recently released next …

Microsoft has released nine new security bulletins for the February 2012 edition of Patch Tuesday.  This Patch Tuesday is typically marked as a ‘heavy’ release month and includes nine new security bulletins addressing 21 vulnerabilities.

There are two bulletins that administrators should look to patch immediately.  Both of these bulletins address vulnerabilties that have the potential for drive-by attack scenarios from websites.

First up is Microsoft security bulletin MS12-010.  This bulletin affects all supported Microsoft Internet Explorer browsers and addresses four vulnerabilities in the browser.  As is the case with most, if not all Internet Browsers, it is …

Microsoft has announced their February 2012 Advanced Notification for the upcoming Patch Tuesday.  Microsoft is planning to release nine security bulletins fixing 21 vulnerabilities.

Security Bulletin Breakdown:

4 bulletins are rated as Critical
5 bulletins are rated as Important
7 vulnerabilities could lead to Remote Code Execution
2 vulnerabilities could lead to Elevation of Privilege

Affected Products:

All supported Microsoft Operating systems
All supported Internet Explorer browsers
Visio Viewer 2010
SharePoint Server 2010
SharePoint Foundation 2010
Silverlight 4

There has been no word of other vendors planning to release new security bulletins, but we are constantly monitoring to find any other vendors planning on joining Microsoft’s Patch Tuesday.

I will be talking …

Microsoft is starting off the new year with seven new security bulletins released for the January 2012 Patch Tuesday.  These seven new security bulletins address eight vulnerabilities.

The primary bulletin administrators should patch first is MS12-004.  This security bulletin addresses two vulnerabilities with Windows Media types.  Opening a malicious media or MIDI file on an unpatched system could allow an attacker to gain full control of the system.  As media files are extremely popular for viewing and sharing, administrators should patch this bulletin on their workstation machines as soon as possible.  It is important to note that …

Microsoft is kicking off the 2012 year with seven new Microsoft Security Bulletins.  Just announced in their advanced notification for the January 2012 Patch Tuesday, these seven security bulletins will address eight vulnerabilities.

Security Bulletin Breakdown:

1 bulletin is rated as Critical
6 bulletins are rated as Important
3 vulnerabilities could lead to Remote Code Execution
1 vulnerability could lead to Security Feature Bypass
2 vulnerabilities could lead to Information Disclosure
1 vulnerability could lead to Elevation of Privilege

Affected Products:

All supported Microsoft Operating Systems
Microsoft Developer Tools and Software

This Tuesday will also be a good chance to install the out-of-band security update (MS11-100) on …