Microsoft Patch Tuesday - get ready to patch and reboot the lot


Jack

Administrator
Thread author
Sophos said:
It's Patch Tuesday this week - the last one, indeed, for 2013, the year in which we celebrated the tenth anniversary of Microsoft's formularised process for security updates.

So here's our news-in-brief, as usual, to give you a quick summary of what to look forward to on Tuesday.

You'll be facing a pretty regular-sized effort, with eleven bulletins, five of them critical and six of them closing potential remote code execution (RCE) holes.

The non-critical RCE bug is rated important, which is a level usually used by Microsoft for compromises that provoke some sort of warning or prompt, even if it's not a very helpful warning (in other words, where there is some visual signal to look out for).

But important is also used for some vulnerabilities that result from "sequences of user actions that do not generate prompts or warnings," though you and I would probably just say, "drive-by install" or, for that matter, "RCE."

[......]

Talking of EoPs, you will no doubt have read Microsoft's announcement, at the end of November, of CVE-2013-5065, a kernel-based privilege escalation bug in the driver NDPROXY.SYS on Windows XP.

The CVE-2013-5065 vulnerability is known to have been exploited in the wild.

What we don't know yet is whether the December 2013 Patch Tuesday fixes that one or not.

It seems probable, given that Bulletin 8 is listed as an EoP in Windows, with updates available only for XP and Server 2003. (That's the only bulletin that applies exclusively to XP/2003.)

But we shall have to wait until Tuesday to tell you for sure.

By the way, this month really is an omnibus (a Latin word meaning "for everyone") update.

All platforms are affected, from XP to 8.1 and from Server 2003 to 2012, including installs of the stripped-down Server Core variants.

In addition, this month's Internet Explorer update covers the whole product range, from IE 6 to IE 11.

In short: plan to patch (and to reboot) every Windows-based computer and virtual machine in your business, no later than at the earliest opportunity.
Read more: http://nakedsecurity.sophos.com/2013/12/08/microsoft-patch-tuesday-get-ready-to-patch-and-reboot-the-lot-including-server-core/
 