Heavy Patch Tuesday for February
Microsoft will be releasing 12 updates in February's Patch Tuesday next week to address a total of 57 vulnerabilities. According to Microsoft's Advance Notice released yesterday, five of these were rated as "Critical," while the remaining were pegged as "Important."
This heavier-than-usual update from Microsoft (NASDAQ: MSFT) will resolve vulnerabilities that were discovered in Windows, Internet Explorer and Microsoft Office. Other products that are affected include Windows Server, Microsoft Exchange, Microsoft FAST Search Server and the .NET Framework.
Of note are the sheer number of Windows operating system versions that were affected this month, with "critical" updates affecting Windows XP up to the new Windows RT.
"It's never a good sign when your current code base is impacted," wrote Paul Henry, security and forensic analyst at Lumension, in an email. "We hope that this month is a one-time spike and not a return to the to-to pattern of 2011."
Rapid7's Senior Manager of Security Engineering, Ross Barrett, noted that the clustering of updates around the Windows OS is good in that fewer overall products are affected. On the flip side, Barrett noted "it's bad because an organization with even the simplest deployment of Microsoft products will probably be hit by all of these advisories." This translates into both desktop and server teams being "extra busy."
- check out this article at ZDNet