Microsoft is shipping nine bulletins – four critical and five important – to patch 21 vulnerabilities on Patch Tuesday, the software giant said in its pre-notification advisory.
The critical bulletin will patch issues in Internet Explorer, Windows, and .NET Framework/Silverlight. The remaining five important bulletins affect Windows, Office, and Server Software.
“There is the expected critical update to Internet Explorer which should be highest priority. After all, we saw last month how quickly attackers are incorporating browser based attacks into their toolkits; an exploit for MS12-004 was detected a mere 15 days after Patch Tuesday. There are also two critical fixes for Windows itself, plus one for the .NET framework that should be prioritized”, commented Wolfgang Kandek, chief technology officer of Qualys.
Paul Henry, security and forensic analyst, Lumension, agreed that IT should prioritize the four critical bulletins first because all of them likely require a restart. “All in all, it’s a pretty sweet Valentine’s. We’ve had two fairly light patching periods in a row – with just 7 from Microsoft last month. Clearly, the company’s renewed [security] focus is paying off. Now if folks would just follow through and patch!”
Andrew Storms, director of security operations for nCircle, noted: “It’s surprising that this month’s patch affects almost every Windows operating system – each OS is affected by five of the eight applicable bulletins. That’s kind of weird because newer OS versions are generally more secure.”
“It’s even more surprising that Windows Server 2008 R2 is affected by the greatest number of bulletins. Generally, we see fewer bugs on server side operating systems, and this is doubly true for Server 2008 since so many of its newer mitigations and default settings protect the OS even when bugs are found”, he added.