Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Advance Notification for February 2013

The Advance Notification of Patch Tuesday from Microsoft has twelve bulletins listed for this month. Not a small number by any means but not completely unmanageable either. Five bulletins are listed as critical and seven important. There will be six bulletins addressing remote code execution, four elevation ofprivilege and two denial of service. Seven definitely require a restart afterpatching and five might require a restart after patching. Two of the criticalones are in Internet Explorer, which can't be good, the other critical ones arein Windows and Microsoft Exchange 2007 and 2010. The important ones arescattered between .NET, server software and Windows itself.

The two critical bulletins in Internet Explorer seem toimpact all versions, which includes 6, 7, 8, 9 and 10. Which will probably make these two themost critical of all the critical patches this month. Although if the IE updates don't take the topspot the patch for Exchange most definitely will. The patch will impact Exchange2007 and 2010, will require a restart and result in remote code execution ifnot applied. If you are an Exchange Server Admin I suggest scheduling that rebootnow and not waiting until the actual notification next week.

Everything else this month looks pretty run of the mill asfar as Microsoft patches go. Not to say they aren't important just not asdramatic as critical patches for IE and Exchange. Also this month look for anupdate to the Microsoft Windows Malicious Software Removal Tool. We should see the full release from Microsoft on schedule next Tuesday.

Related SpiderLabs Blogs