This months Microsoft Patch Tuesday contains Six bulletins, four rated critical, according to Microsoft advanced notification.
Many of the bulletin issues addressed affect new software, including the first fixes for Windows 8, which we find very concerning!
"Nothing is ever 100% secure and albeit mistakes are made in software. But it's still ugly to see," blasts Paul Henry, security and forensic analyst at Lumension Security Inc, a Scottsdale, Ariz.-based security firm.
The four critical bulletins address 13 vulnerabilities in Microsoft Windows, Internet Explorer and the .NET Framework involving remediation for remote code-execution vulnerabilities.
Bulletin 1 addresses issues in Internet Explorer 9, requiring a restart to apply the patch.
Bulletins 2, 4 and 5 address issues in various Windows XP Service Packs, Windows Server 2003, Windows Vista Service Pack, Windows Server 2008, Windows 7, Windows Server 2008, Windows 8 Windows Server 2012 and Windows RT, and will require a restart.
According to Marcus Carey, security researcher at Boston-based security vendor Rapid7 Inc, says "Most organizations will be affected by these critical bulletins as they relate to legacy codebase that is present even in Microsoft's most recent releases"… "This may come as a surprise to many who expected that Windows 8 and Windows Server 2012 to be much more secure than legacy versions. The truth is that Microsoft and other vendors have significant technical debt in their code base which results in security issues."
Bulletin 6, listed as important, addresses a remote code-execution vulnerability and will require a restart to apply updates. This bulletin affects multiple versions of Microsoft Excel Service Pack, Microsoft Office for Mac, Microsoft Office Compatibility Pack Service Pack and Microsoft Excel Viewer.
Bulletin 3, rated moderate, is an information disclosure vulnerability rated as moderate and requires a restart. It affects several versions of Windows Vista Service
Pack, Windows 7 and Windows Server 2008.
Bottom line, leave your computers and servers on Tuesday Night and restart them first thing Wednesday Morning!