    Microsoft Shows Security Improvements with 2011 Patch Tuesdays

    Microsoft on Tuesday issued 13 security bulletins. Only three were rated critical. That's a small reprieve since IT admins expected 14 bulletins -- the fix for the so-called Beast attack did not make it into this release.

    December's Patch Tuesday brings Microsoft's total to 99 bulletins in 2011.

    Joshua Talbot, security intelligence manager for Symantec Security Response, said the most important patch this month is the TrueType Font Parsing issue, which is the zero-day vulnerability exploited as part of the Duqu targeted attacks.

    "The Duqu malware didn't actually incorporate an exploit for this issue in its code, but the vulnerability was used by malicious e-mail attachments to load Duqu onto targeted systems," he explained.

    Symantec typically puts Internet Explorer cumulative updates pretty high on its priority list, Talbot added, but this month none of the IE vulnerabilities are particularly high-impact issues.

    "They're still important, but we suggest prioritizing quite a few of the other bulletins ahead of them. For example, the Windows Media Player DVR-MS memory corruption issue," Talbot said. "This one looks pretty simple to exploit and can result in a complete system takeover. To make matters worse, [data execution prevention] and [address space layout randomization] only offer limited protection here."

    No Out-of-Band Patches in 2011

    Andrew Storms, director of security operations at nCircle, noted that it's been a long time since Microsoft pulled a bulletin at the last minute. Microsoft pulled the Beast fix because of a bad interaction with a high-profile vendor.

    "This last minute change highlights the extensive testing Microsoft does during the patch releases. A bad patch makes for the worst sort of IT heartburn," Storms said. "I'm sure we'll see the 'Beast' bulletin in the January patch, and waiting a little longer for a fix shouldn't be much of an issue because it's fairly difficult to take advantage of this bug."

    Although anything could happen in the next two weeks, Storms pointed out that Microsoft appears to have made it through 2011 without having to issue an out-of-band patch. In fact, he added, the year has been marked by lower severity ratings for all vulnerabilities.

    "The new, improved risk mitigation technologies in Windows 7 and IE9 just might make out-of-band Microsoft patches a thing of the past," Storms said, "and that would be the best holiday gift Microsoft could give."

    Total Patch Count Declines

    Considering the previous years of Microsoft patches, this is not a bad way to end the year, said Paul Henry, a security and forensic analyst and blogger at Lumension. Microsoft released 17 bulletins in the 2010 December Patch Tuesday. Microsoft's total patch count, 99, is also down in 2011, from 106 in 2010.

    "Clearly Microsoft has dramatically improved its software processes and this is reflected in the continued decline of vulnerabilities considered critical in the current codebase," Henry said. "The numbers speak volumes on the improvements from Microsoft. In 2006, 70 percent of security patches were critical and in 2011 critical vulnerabilities fell to just 30 percent. In an otherwise volatile threat landscape, this is good news for everyone."

     
