Tuesday 13 December, Microsoft will release its Patch Tuesday. 14 updates are correcting 20 vulnerabilities in the program. Experts expect the correction of vulnerabilities for Duque and BEAST.Microsoft announced today that it will issue Tuesday, December 13, at the Patch Tuesday, 14 security updates to fix 20 vulnerabilities in Windows, Internet Explorer (IE), Office and Media Player. Among patches, security experts think they will be used to fill the gaps used by Duque and repair SSL 3.0 (Secure Socket Layer) and TLS 1.0 (Transport Layer Security), the victim of a hacking technique called BEAST (Browser Exploit Against SSL / TLS).
"They put everything on the table" exclaimed Andrew Storms, director of security operations at nCircle security, describing the wide range of Microsoft products that will be corrected. He adds, "it looks like a spring cleaning before the end of the year. "3 of 14 updates have been classified by Microsoft as" critical ". The remaining 11 were described as "important." 10 bugs in updates could be exploited by remote attackers via malicious code installed on unpatched PCs.
Microsoft News
* - Duque: waiting for the patch, Microsoft delivers a partial correction
* - The social network socl.com Microsoft engages a little more
* - Microsoft makes a Kinect PC
* - The Microsoft Office suite 365 of building up its capabilities and its presence
* - Interest in Windows 8 tablets in free fall, according to Forrester
Andrew Storm points out that the update of IE will be quickly installed by users. He noted however that due to the cycle of corrections, users forget to update their browsers, especially during major purchases online. " The Redmond company has corrected IE 6 this year, but Andrew Storm is surprised that the publisher has waited until the end of the year and especially the holiday periods to repair defects in the browser. He argues for a major update in November.
Duque and BEAST in the crosshairs
Updating one should also be installed quickly, says Marcus Carey, a security researcher for Rapid7. He correlated the Windows versions affected by this update and the previous month to deduce that this bulletin addresses the vulnerability exploited by Duque. "The main reason I think this newsletter is on Duque is that it requires a reboot, which indicates that a kernel bug must be fixed. In addition, it affects all versions of the OS. " Andrew Storm think Microsoft will also stop the flaw in the analysis engine TrueType identified by the publisher as a vector attacks Duque. It states that "it would be stupid not to have a patch Duque before the end of this year. Microsoft has had enough time. "
The security specialist also expects an update on long-standing problems in SSL 3.0 and TLS 1.0 on Windows. Microsoft has released a security advisory last September on the hacking technique called BEAST recently unveiled.
The 14 updates provided Tuesday, December 13 fall into the third position from 17 December 2010 and April 2011. The total number of updates for 2011 is 100, or 5.6% less than in 2010 and the total number of vulnerabilities addressed was 237, or 10.7% below the record 2010 , 266.
No comments:
Post a Comment