
Microsoft to patch Windows 8, but stays mum on IE zero-day fix

Gregg Keizer | Jan. 4, 2013
Microsoft will release seven security updates next week -- including one rated critical for Windows 8 and Windows RT -- to patch 12 vulnerabilities in Windows, Office, SharePoint Server and the company's website design software.

According to Microsoft, Bulletin 2 -- one of the two pegged critical -- applies to all supported versions of Windows, from the 11-year-old XP to 2012's Windows 8 and Windows RT, from Server 2008 to Server 2012. It will also affect Office 2003 through Office 2007 on Windows; Expression Web, part of the Expression Studio web development suite; and SharePoint Server 2007, Groove Server 2007 and System Center Operations Manager 2007.

Other security professionals, including Wolfgang Kandek, CTO of Qualys, and Paul Henry of Lumension, also put the spotlight on Bulletin 2.

Storms characterized the rest of Tuesday's bulletins as "not all that interesting," but some disagreed.

"Bulletin 5 may end up being the most significant, as it targets Vista SP 2, Server 2008 and Windows 7," said Alex Horan, senior product manager with CORE Security, in an email. "This has the potential for the most long-term issue, as it represents an extremely large base of potential targets if it is not rectified properly."

Microsoft rated Bulletin 5 as important. As Horan noted, it will not apply to Windows XP, but it will apply to Windows 8 and Windows RT, both released two months ago. According to Web metrics company Net Applications, Vista, Windows 7 and Windows 8 collectively power about 57% of all Windows PCs.

Also today, Microsoft told customers it was revoking two digital certificates fraudulently acquired by cyber criminals from a subsidiary of TurkTrust, a Turkish CA that has ties to that country's military.

Users of Vista and Windows 7 will automatically receive the certificate revocation update if they had applied an update Microsoft offered June 11, 2012, part of its retooling of its own certificate-generation process. That was done after the discovery of "Flame," cyber-espionage malware that spread through a network by exploiting Microsoft's Windows Update mechanism. Windows 8 and Windows RT users will also get the certificate revocation update, since those brand-new operating systems have the same functionality baked in.

Windows XP users must run Windows Update to download and install Microsoft's certificate revocations, which were released Thursday.

Microsoft will deliver next week's seven security updates on Jan. 8 at approximately 1 p.m. ET.

