News

Office, 32-bit Windows fixes included in Patch Tuesday update

Jeremy Stanley

At the halfway point of 2013, Microsoft gave a bit of a break to IT admins with just five patch bulletins for June's Patch Tuesday updates.

But that doesn't mean IT admins should be complacent, as one critical bulletin

    Requires Free Membership to View

contains fixes for 19 vulnerabilities in Internet Explorer. The fixes address flaws in all recent versions of IE.

As it is a common attack vector, the patches should be applied immediately, said Wolfgang Kandek, CTO at Qualys Inc., an IT security firm based in Redwood Shores, Calif. Attackers could exploit and use the vulnerabilities against an enterprise.

Office 2003 received a fix rated important for an issue where a specially crafted document opened could lead to remote code execution.

One silver lining: Kandek said many enterprises may have already moved on to newer versions of the software, but should patch it if admins are running it.

The Windows kernel on 32-bit systems -- Windows Server 2008 and earlier -- is affected by an information disclosure vulnerability, rated important. Another bulletin delivered a fix for drivers, which, if unpatched, could lead to a denial of service vulnerability. And a printer spooler issue is the focus of a patch that fixes elevation of privilege vulnerability.

Windows patches in 2013: progress report

Microsoft so far has delivered 51 patch bulletins, an increase over last year when the company delivered 43 by June.

Kandek attributes it to Microsoft's responsiveness to more vulnerabilities, citing the monthly cumulative updates for Internet Explorer. In the past, IE was patched on a bimonthly basis.

"They're trying to be faster here," Kandek said.

He also noted how other companies signaled higher patching frequency, like Oracle with the issue-plagued Java. Oracle will switch to monthly patches instead of patches once every four months.

Kandek speculated that Microsoft is unlikely to switch to a patch release schedule faster than a monthly basis.

"Most companies like that they have a certain day" to plan and address patches, he said.

 


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: