Jump to content


Microsoft patch reinforces the value of software upgrades

  • Please log in to reply
1 reply to this topic

OFFLINE   sincity


    Advanced Member

  • Members
  • PipPipPipPip
  • 2980 posts
Getting Better
Microsoft patch reinforces the value of software upgrades

The latest of Microsoft's monthly patches, released on Tuesday, has reinforced the need for organisations to move on from older versions of software to avoid attacks.

The Microsoft Patch for December addressed 24 vulnerabilities with 11 security bulletins. The bulletins covered Windows, Office, Internet Explorer, Visual Studio and Sharepoint among other pieces of Microsoft software. Five of the bulletins held a critical rating, stressing the need to apply the patches as soon as possible.

MS13-096, one of the patches, fixes a vulnerability (already being exploited by attackers) in the GDI+ library for parsing TIFF image files. It affects older Microsoft software including Vista and Office 2003, 2007 and 2010. It has already been recorded as being used in attacks in the Middle East and Asia.

Among other problems addressed by the patch this month include malicious webpage attacks, script functionality and fake Authenticode algorithms.

Easy targets

Newer software, naturally, tends to have less vulnerability to these attacks than older software. Windows 8 has more security features than 7, and 7 more than Vista. "Even if you fully patched Windows XP you are running far more of a risk than with Windows 7" Qualys chief technology officer, Wolfgang Kandek, says.

Kandek notes as an example that there is a zero-day vulnerability in XP (not addressed in this month's patch) which exploits have already been crafted for. In this case, an infected PDF file can be sent to a user that, when opened, deposits code that grants an outside user administrative access.

Qualys estimates that 15% of businesses are still running Windows XP. Though its use is declining, it is doubtful that no companies will be on the OS by April 2014 when Microsoft stop issuing security patches. "After April, all these machines will be very easy targets," stresses Kandek.

In 2013 Microsoft has covered 330 vulnerabilities with 106 bulletins.





  • Members
  • Pip
  • 4 posts

In the event that you have chosen to sit for the affirmation test, by then it would be the best thought for you to start your strategies with , which are the most significant assessment material present on the web! These confusing things will help you in acing 70-705 exam dumps with no issue. The things have been made with a dream to give the test takers the most simple, sagacious, and very evident substance that needs no help.

Also tagged with one or more of these keywords: windows

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users